IT disaster recovery, cloud computing and information security news

UK Government publishes annual Cyber Security Breaches Survey

The Cyber Security Breaches Survey is a quantitative and qualitative survey of UK businesses and charities which is published each year by the Government, providing a useful record of how cyber attacks have developed.

This year's report was published by the Department for Digital, Culture, Media & Sport and was supported by Ipsos MORI and the University of Portsmouth.

Key findings include:

  • Fewer businesses have identified breaches or attacks than in previous years, but the businesses that have identified attacks are typically experiencing more of them.
  • Around a third (32 percent) of businesses report having cyber security breaches or attacks in the last 12 months. As in previous years, this is much higher specifically among medium businesses (60 percent), large businesses (61 percent) and high-income charities (52 percent).
  • The report says that ‘one plausible explanation for fewer businesses identifying breaches is if they are generally becoming more cyber secure. The survey shows that businesses have increased their planning and defences against cyber attacks since 2018. This may have resulted in fewer attacks overcoming their systems, and fewer businesses recording any cases. Another possibility is a change in attacker behaviour, with more attacks being focused on a narrower (though still numerous) range of businesses.’ Alternatively, ‘the trend may, in part, be explained by a change in the way business responded to the survey question’, with GDPR leading to some businesses becoming less willing to admit to having cyber security breaches.
  • Where businesses have lost data or assets through cyber security breaches, the financial costs from such incidents have consistently risen since 2017. However, qualitative findings suggest that indirect costs, long-term costs and intangible costs of breaches tend to be overlooked, meaning that organizations may be undervaluing the true cost and impact of cyber security breaches.
  • Around three-quarters of businesses (78 percent) say that cyber security is a high priority for their organization’s senior management. This is higher than in 2018, when it was 74 percent of businesses, and reflects a longer-term upwards trend going back to 2016 (when it was 69 percent).
  • Just over a third of businesses (35 percent) have a board member specific responsibility for cyber security. This is higher than in 2018 when it was 30 percent.
  • Very few organizations (16 percent of businesses) have formal cyber security incident management processes in place.

Read the report (PDF).



Want news and features emailed to you?

Signup to our free newsletters and never miss a story.

A website you can trust

The entire Continuity Central website is scanned daily by Sucuri to ensure that no malware exists within the site. This means that you can browse with complete confidence.

Business continuity?

Business continuity can be defined as 'the processes, procedures, decisions and activities to ensure that an organization can continue to function through an operational interruption'. Read more about the basics of business continuity here.

Get the latest news and information sent to you by email

Continuity Central provides a number of free newsletters which are distributed by email. To subscribe click here.