Cybersecurity Breaches Survey 2024 - Key Insights and Best Practices

October marks Cybersecurity Awareness Month, a crucial time to reflect on the ever-evolving landscape of cyber threats and fortify our defences. The Government's "Cybersecurity Breaches Survey 2024," published on April 9, 2024, sheds light on the current state of cyber threats and highlights the lessons we must learn to safeguard our businesses and charities. Here’s a detailed summary of the survey findings, along with practical insights to enhance your cybersecurity posture.

Understanding the Cyber Threat Landscape

The 2024 survey reveals a persistent and troubling reality - cybersecurity breaches and attacks are widespread. Approximately 50% of businesses and 32% of charities have reported experiencing some form of breach or attack in the past year. This statistic underscores the critical need for robust cybersecurity measures, particularly for medium and large organisations where the figures are significantly higher—70% of medium-sized businesses, 74% of large businesses, and 66% of high-income charities have been affected.

Phishing remains the most prevalent threat, affecting 84% of businesses and 83% of charities. This is followed by impersonation attacks (35% of businesses and 37% of charities) and malware (17% of businesses and 14% of charities). Despite the relative simplicity of these attacks, they can have severe consequences. On average, the most disruptive breach in the past year cost businesses around £1,205, while for medium and large businesses, this figure surged to approximately £10,830. Charities faced an average cost of £460 per incident.

Enhancing Cyber Hygiene

Cyber hygiene refers to the practices and steps that organisations take to maintain a secure digital environment. The survey indicates a positive trend in adopting basic cybersecurity measures, which is crucial in combating common threats.

Here are key practices that are gaining traction:

• Up-to-date Malware Protection: Increased from 76% to 83% among businesses.
• Restricted Admin Rights: Improved from 67% to 73%.
• Network Firewalls: Up from 66% to 75%.
• Phishing Email Processes: Increased from 48% to 54%.

These improvements reflect a partial reversal of previous declines in cybersecurity practices. Nevertheless, continuous vigilance is essential, as even basic measures can significantly reduce the risk of successful attacks.

Risk Management and Supply Chain Security

Larger businesses are leading the charge in risk management, with 31% of businesses and 26% of charities conducting cybersecurity risk assessments in the past year. Medium and large businesses show even higher engagement in these practices, with 63% and 72% respectively performing such assessments. Furthermore, 33% of businesses and 23% of charities use security monitoring tools, though this is more common in larger organisations.

Cyber insurance is becoming more prevalent, with 43% of businesses and 34% of charities holding some form of coverage. This is a significant increase from the previous year’s figures and reflects growing awareness of the financial implications of cyber incidents.

Supply chain security is another critical area. While awareness is increasing, especially among larger organisations, formal procedures to manage cyber risks from suppliers are still lacking in many smaller entities. This highlights the need for comprehensive risk assessments that extend beyond immediate operations.

Board Engagement and Governance

Board engagement is crucial for effective cybersecurity governance. The survey shows that 75% of businesses and 63% of charities consider cybersecurity a high priority for their senior management. This focus is even stronger in larger organisations, with 93% of medium businesses and 98% of large businesses prioritising cybersecurity.

However, formal incident response plans are not widespread, with only 22% of businesses and 19% of charities having one in place. This is a significant gap, given that having a structured response plan can drastically improve an organisation's ability to handle and recover from cyber incidents.

Cyber Accreditations and Guidance

Despite a drop in the number of organisations seeking external cybersecurity guidance, understanding and adhering to recognised standards remain vital. Awareness of the "10 Steps to Cyber Security" and the Cyber Essentials scheme is still relatively low, though there is a higher awareness among larger organisations.

Currently, only 3% of businesses and charities adhere to Cyber Essentials, though many have implemented technical controls in line with the scheme's requirements. This indicates a need for greater emphasis on formal accreditations and adherence to best practices.

Responding to Cybercrime

Cybercrime, distinct from general cybersecurity breaches, affects a notable portion of organisations. The survey estimates that 22% of businesses and 14% of charities have been victims of cybercrime in the past year. Phishing remains the most common form of cybercrime, but ransomware and denial-of-service attacks are also notable threats.

Interestingly, the cost of cybercrime averages £1,120 per business victim. This figure highlights the financial impact of cybercrime, underscoring the importance of preventative measures and timely incident response.

Fitzrovia IT’s Commitment to Your Cybersecurity

As we observe Cybersecurity Month, it’s clear that the threat landscape continues to evolve, but so do the strategies to combat it. At Fitzrovia IT, we are dedicated to helping businesses and charities navigate these challenges with confidence. Our expert team offers comprehensive cybersecurity solutions designed to protect your organisation from the most common threats and sophisticated attacks.

From implementing robust cyber hygiene practices to developing incident response plans and acquiring the latest cybersecurity accreditations, Fitzrovia IT is here to support you every step of the way. Let us partner with you to fortify your defences and ensure your organisation remains resilient in the face of cyber threats.

Reach out to us today to learn more about how we can enhance your cybersecurity posture and safeguard your valuable assets.