Government cyber security survey shows concern over ransomware
Almost half of UK businesses hit by cyber attacks in the past year - but research shows lack of awareness in government guidance
The government’s 2017 cyber security breaches survey has revealed that 42% of businesses have faced an attack in the past year, with companies holding personal data more likely to suffer than those that don’t.
The survey, carried out by researchers at Ipsos Mori and the University of Portsmouth and published yesterday (19 April), found that 51% of companies holding personal data had experienced a cyber attack in the past year. This is compared with 37% for those that don’t hold personal data.
The most common breaches or attacks were via fraudulent emails, for instance encouraging staff to reveal passwords or open dangerous attachments, followed by viruses, malware and ransomware.
A quarter of businesses that had experienced an attack or breach said that they had lost files, while a fifth had software or systems corrupted and one in ten had lost access to the third party systems they rely on.
Businesses have responded by taking more precautions, the survey said, with three-quarters saying that it was a high priority for senior managers and directors, and nine out of ten saying they regularly updated software and malware protection.
However, the survey also found that businesses lacked awareness about advice that the government offered on cyber security measures - 58% of businesses said they had sought advice in the last year, but just 4% mentioned public sector sources.
This is compared with 32% who said they went to external security or IT consultants and 10% resorting to online searches.
Larger businesses were more likely to use government sources, the survey said, with 16% mentioning public sector information.
The report also noted that 75% of people who had used government sources said it was useful, suggesting that it was “most likely lack of awareness rather than a lack of perceived relevance or usefulness that explains why so few businesses have used government information”.
The government said that it hopes the creation of the National Cyber Security Centre last year will help increase awareness of government guidance.
“One of the key objectives of the NCSC is to increase the UK’s cyberspace resilience by working with and providing expert advice tailored to organisations and businesses in every sector of the UK economy and society,” the Department for Culture, Media and Sport said in a statement published alongside the survey.
Information commissioner Elizabeth Denham confirms warrant has been served on UK company
Sector organisation writes to Matt Hancock and other MPs to express concerns
James Wickes of Cloudview believes regulators need to take steps to sharpen senior managers’ focus on cybersecurity
Policy paper from Parliament Street think tank recommends increased use of shared services