Businesses urged to act on cyber defences

Two in five businesses and a quarter of charities report having cyber security breaches or attacks in the last 12 months, according to the Department for Digital, Culture, Media and Sport.

The Cyber Security Breaches Survey 2021 report also shows the cyber risk to organisations is heightened because of the coronavirus pandemic, which has made securing digital environments more challenging as organisational resources are diverted to facilitating home working for staff.

Nearly half of businesses (47 per cent) have staff using personal devices for work, but only 18 per cent have a cyber security policy on how to use those personal devices at work. Less than a quarter of businesses (23 per cent) have a cyber security policy covering home working.

The new data shows fewer businesses are using security monitoring tools to identify abnormal activity which could indicate a breach - suggesting firms are less aware than before of the breaches and attacks staff are facing. Only 83 per cent of businesses have up-to-date anti-virus software - down five per cent from the previous year.

The most common breaches or attacks were phishing emails, followed by instances of others impersonating their organisation online, viruses or other malware including ransomware.

Where a breach has resulted in a loss of data or assets, the average cost of a cyber attack on a business is £8,460. This figure rises to £13,400 for medium and large businesses.

The government is now encouraging businesses, charities and educational institutions to follow the free help and guidance from the National Cyber Security Centre, including advice on the secure use of video conferencing, secure home working and how to move your business from physical to digital.

Digital Infrastructure Minister Matt Warman said: “The pandemic has taken an unavoidable toll on British businesses but we cannot let it disrupt our high cyber security standards. With more people working remotely it is vital firms have the right protections in place, and I urge all organisations to follow the National Cyber Security Centre’s expert guidance so we can build back better and drive a new era of digital growth.”