The government of UK carried out a Cyber Security Breaches Survey. The quantitative survey was carried out in winter 2017 and the qualitative survey was carried out in early 2018. This survey could be useful for organisations to understand the significance and kind of cyber-attacks they face. This survey could also give updates about all the necessary steps taken by organisations to avoid cyber- attacks. It could also prove useful in helping UK government in shaping future policy in this area . Following is the comparison of some significant statistics from last two years.
A. Cyber Security Breaches in UK
According to the Cyber Security Breaches Survey (CSBS) held in 2017 and 2018: overall 45% of micro businesses detected cyber breaches in 2017 and 42% in 2018, 66% of medium business identified cyber-attacks in 2017 and 64% in 2018 while 68% of large businesses found security breaches in 2017 and 72% in 2018. These statistics clearly shows that micro and medium businesses have detected a bit less security attacks in 2018 as compared to 2017, whereas there is a clear increase in cyber-attacks detection in large businesses in 2018 .
Fig-1 Cyber Security Breaches UK
B. Average Cost spent on Security Breaches in UK
According to CSBS, the average (mean) cost of all breaches identified for micro businesses was £1380 in 2017 and £894 in 2018. The medium business had average cost of security breaches £3070 in 2017 and £8180 in 2018. Similarly, large business average cost spent on identifying security attacks was £19600 in 2017 and £92600 in 2018. Overall the average cost spends on security breaches decreased for micro businesses and increased for medium and large businesses .
Fig-2 Average cost spent on security breaches in UK
C. Security Checks Performed Percentage in UK
There are companies who were vigilant in fight against cyber crime and carried out health checks, risk assessments or audits to identify cyber security risks. According to CSBS, 57% of micro companies carried out such tests in 2017 and 55% in 2018. The 77% of medium size business carried such tests in 2017 and 79% in 2018. The 86% of Large business also carried out such tests and assessments in 2017 and 89% in 2018. The micro businesses mostly think that they were not big enough to be a cyber-attack target, therefore the number of companies who carried out health checks and risk assessments went down in 2018. But medium and large business awareness level was improved as a result the number of companies who performed such tests and assessments clearly increased in 2018 .
Fig-3 Security checks performed percentage in UK
D. Incident Management Process in place Percentage in UK
For every company to survive after cyber-attacks, it is imperative that they have Incident Management Process (IMP) in place. These IMPs could help the IT staff of company to navigate through the aftermath of cyber-attacks and guide them how to stop these attacks from happening in future. According to CSBS, 73% of micro businesses had such IMPs in place in 2017 and 12% in 2018. The 24% of medium businesses had IMPs in place in 2017 and 19% in 2018. The 45% of large business were able to put IMPs in place in 2017 and 46% in 2018. For micro businesses, the number of companies who had some kind of IMPs in place went down significantly in 2018 as compared to medium businesses where there is a minor reduction. This reduction was due to less awareness and over confidence that they were not big enough to be a target. At the same time, large companies numbers increased slightly in 2018 which put IMPs in place .
Fig-4 Incident Management Process in place Percentage in UK
E. Security Attacks % vs Security Checks %
It is imperative to compare and analyse the CSBS data to see if the cyber-attacks were decreased by employing security checks. In Fig-5, it is shown that micro businesses were able to reduce cyber-attacks % even though the number of companies who performed security checks was reduced slightly. Whereas medium businesses were able to reduce cyber attacks % by increasing security checks in 2018 as compared to 2017. On the other hand, Large businesses was able to reduce the cyber-attacks in 2017, while the number of companies which carried out security tests was increased. Even though the number of companies performing security checks increased in 2018 at the same time the number of cyber-attacks also increased. This means that Large companies are more vulnerable to cyber-attacks and there is a need to place more strong security checks in place to avoid such attacks.
Let us know If you have any questions or suggestions about Brexit impact on Cyber Security in UK. Share your thoughts in the comments section!
Do you know anyone who would like to read the information in this post? Share it with them on facebook, twitter and linkedIn.
Please remember that sharing is caring!