Press release

Businesses urged to act as two in five UK firms experience cyber attacks in the last year

Two in five businesses (39 per cent) and a quarter of charities (26 per cent) report having cyber security breaches or attacks in the last 12 months.

For the Cyber Security Breaches Survey 2021, head here: https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2021
  • New report suggests the cyber risk to organisations is heightened because of the pandemic
  • Data shows fewer businesses are taking recommended cyber security measures
  • Government urges organisations to follow expert guidance to boost their online resilience

Two in five businesses (39 per cent) and a quarter of charities (26 per cent) report having cyber security breaches or attacks in the last 12 months, according to new figures from the Department for Digital, Culture, Media and Sport (DCMS).

The Cyber Security Breaches Survey 2021 report also shows the cyber risk to organisations is heightened because of the pandemic, which has made securing digital environments more challenging as organisational resources are diverted to facilitating home working for staff.

The government is now encouraging businesses, charities and educational institutions to follow the free help and guidance from the UK cyber security experts at the National Cyber Security Centre (NCSC). It includes advice on the secure use of video conferencing, secure home working and how to move your business from physical to digital. This week the centre also published new guidance specifically to help educators boost their cyber resilience.

Digital Infrastructure Minister Matt Warman said:

The pandemic has taken an unavoidable toll on British businesses but we cannot let it disrupt our high cyber security standards.

With more people working remotely it is vital firms have the right protections in place, and I urge all organisations to follow the National Cyber Security Centre’s expert guidance so we can build back better and drive a new era of digital growth.

The new data shows fewer businesses are using security monitoring tools to identify abnormal activity which could indicate a breach - suggesting firms are less aware than before of the breaches and attacks staff are facing. The figure has dropped five per cent since last year to one in three firms (35 per cent). Only 83 per cent of businesses have up-to-date anti-virus software - also down five per cent from the previous year.

The most common breaches or attacks were phishing emails, followed by instances of others impersonating their organisation online, viruses or other malware including ransomware.

Where a breach has resulted in a loss of data or assets, the average cost of a cyber attack on a business is £8,460. This figure rises to £13,400 for medium and large businesses.

The figures also reveal nearly half of businesses (47 per cent) have staff using personal devices for work, but only 18 per cent have a cyber security policy on how to use those personal devices at work. Less than a quarter of businesses (23 per cent) have a cyber security policy covering home working.

Despite the challenges of the pandemic, cyber security remains a high priority for business leaders. More than three quarters (77 per cent) of businesses say cyber security is a high priority - up 12 per cent from the 2016 report.

The government is investing £1.9 billion in the National Cyber Security Strategy over five years to support a prosperous digital economy. This includes delivering a programme to improve businesses cyber resilience, set high industry standards and provide organisations with expert advice and guidance.

Earlier this month the Digital Secretary Oliver Dowden set out his ten tech priorities which included keeping the UK safe and secure online and the government last week published its groundbreaking Integrated Review of defence and security.

The review sets the goal of cementing the UK’s position as a responsible and democratic cyber power and announced a commitment to publish a new National Cyber Strategy later this year. The strategy will set out how the UK intends to build a more resilient digital nation and realise the benefits that cyberspace can bring.

DCMS is also reviewing what more the government can do to improve businesses’ resilience and cyber security, as well as progressing work to make sure consumer smart devices are more secure.

ENDS

Notes to editors:

  • The Cyber Security Breaches Survey is an Official Statistic and has been produced to the standards set out in the Code of Practice for Statistics.
  • The Cyber Security Breaches Survey 2021 was carried out for DCMS by Ipsos MORI with the fieldwork conducted between October 2020 and January 2021.
  • The annual Cyber Security Breaches Survey is part of the government’s National Cyber Security Strategy, which is investing £1.9 billion over five years to make the UK the safest place to live and work online.
Published 24 March 2021