The overriding message from this year’s Cyber Breaches Survey is that little has changed. The headline figure of organisations experiencing a cyber breach or attack remains exactly the same as last year at 39%.
As normal, phishing attacks remain the most prevalent for of attack (83%). Digging down into a bit more detail there is quite a positive message. Respondents report that only 20% of attacks had any impact on the organisation and, critically, only 1% resulted in the compromise or loss of any personal data. Even amongst the 20% of attacks that did have an impact, the average cost reported is only £4200 (£19 400 if micro and small businesses are excluded). The survey also provides a breakdown of these costs.
One of the most interesting areas of the survey is the detail on what organisations area doing to mitigate cyber risk. 43% of businesses report having some form of cyber insurance cover (the same as last year), but only a small minority of these have separate cyber policies. Take-up amongst charities is somewhat lower (27%). There has been a modest increase in the number of organisations gaining accreditation to Cyber Essentials (6%, up from 4% in 2021), but the take-up of Cyber Essential Plus remains very low (1% for businesses, 2% for charities).
As ever, this year’s survey presents a relatively upbeat picture of the frequency and impact of cyber attacks (compared to other sources) but, once again, highlights that there is much more that organisations can do to protect themselves.