The Cyber Security Breaches Survey 2021 was published on the 24th of March 2021. The survey was carried out by Ipsos MORI on behalf of The Department for Digital, Culture, Media and Sport (DCMS). Read full survey here.
The purpose of the survey was to gather information about attitudes towards cyber security and assess the impact that COVID-19 has had on organizations in the UK. Below are some of the key findings from the survey.
- 39% of businesses report having cyber security breaches or attacks in the last 12 months (down from 46% in 2020). 65% were medium sized businesses and 64% were large businesses.
- Of the 39% of business that reported having been breached or attacked in the last 12 months, 21% of them ended up losing money, data or other assets. 35% of them have reported being negatively impacted due to a loss of time, resources and other forms of disruption.
- The average (mean) cost of all the cyber security breaches these businesses have experienced in the past 12 months is estimated to be £8,460. For medium and large firms combined, this average cost is higher, at £13,400.
- 35% of businesses are deploying security monitoring tools (down from 40% in 2020), while 32% are undertaking some form of user monitoring (down from 38% in 2020).
- 27% have identified breaches or attacks at least once a week. 83% were phishing attacks and 27% were categorized as “impersonation”.
- 77% say cyber security is a high priority for their directors or senior managers (up from 69% in 2016).
- 50% update their senior management teams about the actions taken on cyber security at least quarterly.
- 84% say COVID-19 has made no change to the importance they place on cyber security.
- 34% use a Virtual Private Network (VPN).
- 83% report having up-to-date malware protection (down from 88% in 2020).
- 78% have set up network firewalls (down from 83% in 2020).
- 32% of large businesses have laptops with unsupported versions of Windows installed.
- 43% of businesses have taken out some form of cyber insurance (up from up from 32% in 2020).
- 34% have carried out a cyber security risk assessments
- 20% have carried out mock phishing exercises to test their staff.
- 15% have carried out cyber security vulnerability audits.
- 12% have carried out an assessment of cyber security risks posed by suppliers.
- 31% have a business continuity plan that covers cyber security.
- 23% have cyber security policies that cover home working and 18% have policies that cover the use of personal devices for work.
- 46% are using smart (i.e. network-connected) devices in workplaces.
Some of these statistics are concerning. Not enough companies have the technology in place to provide adequate visibility over where their sensitive data is, who has access to it, and what users are doing with it. Without this visibility, security incidents are likely.
If you’d like to see how Lepide can help you get the visibility you need to be compliant with industry standards and reduce the risk of a security threat, schedule a demo of the Lepide Data Security Platform with one of our engineers or start your free trial today.