4 Takeaways from the 2019 Cybersecurity Breaches Survey

Recently, the Department for Digital, Culture, Media & Sport in the United Kingdom released the Cyber Security Breaches Survey 2019.

The survey discusses statistics for cyberattacks, exposure to cyber risks, the awareness and attitudes of companies around cyber risk, and approaches to cybersecurity. Here are the four takeaways from the survey (all statistics included in this briefing are part of the survey).

1. Cyberattacks are a persistent threat.

Thirty-two percent of businesses had cyber security breaches in 2018. This number is down 11 percentage points from 2017 (43 percent). Even though the number of cyber-attacks has declined since 2017, they remain a major threat to businesses. The most common incidents were:

  • Phishing (80%)
  • Impersonations (28%)
  • Viruses, spyware, malware, ransomware attacks (27%)

While this news is good, there is one caveat: among those reporting breaches, the number of attacks they have faced has increased. In 2017, companies with breaches only reported experiencing two attacks, but by the 2019 survey, the number was six. This trend may suggest more targeted attacks in certain sectors as attackers grow increasingly organized and methodical.

2. An increase in cyber security attention and regulation may be helping.

The survey suggests two plausible explanations for why the number of incidents is down:

  • An increase in cyber defense
  • GDPR regulations

Since the 2018 report, more businesses are prioritizing cyber defense than in the past. As attackers grow smarter, businesses are focused on finding security holes and plugging them, and the renewed focus on preempting risk is helping to reduce the overall number of incidents.

Further, the survey suggests that since the introduction of the General Data Protection Regulation (GDPR), businesses may no longer report certain situations because they no longer qualify as breaches. They are also making changes to improve their security in the face of more regulatory oversight. Thirty percent of businesses said they had made changes because of GDPR and 60 percent created new policies to address the risk.

3. The financial costs for breaches have risen.

More so than the reputational risk facing businesses that report breaches, the financial burden of a cyberattack is the greatest concern. Of the cases in which breaches caused loss of data or assets, the average (mean) cost was $5,473 (£4,180), which is a rise over 2018 (+$1,336) and 2017 (+$2,266).

The rising cost shows it is more expensive now to clean up after an attack than in previous years. According to the survey, “when organisations reflect on their approaches to cyber security, they may be undervaluing the true cost and impact of cyber security breaches.”

4. There is still more that can be done to protect businesses.

Though the numbers do indicate an increase in focus on cybersecurity, there is still more that can be done in this area. The business areas that, once addressed, will make the most impact are:

  • The Board Level
    • Only 35 percent of businesses have a dedicated board member with the specific responsibility of overseeing cybersecurity.
  • The Supply Chain
    • A small 18 percent of business respondents said they require their suppliers to adhere to cyber security standards.
  • Cybersecurity Management
    • Around 16 percent of businesses have formal cyber security incident management processes.

Though the numbers show fewer attacks, there are still many areas of weakness that need to be addressed to work toward total eradication.

One area in which businesses can improve is leveraging compliance requirements. On May 15, OnSolve will hold a webinar titled “Compliance: Friend or Foe” led by Virtual CIO, Andrew Baker. Attendees will receive answers to questions like:

  • Why do we have compliance?
  • Why so many different frameworks?
  • How do I choose the right framework(s)?
  • How do I leverage compliance for better security?

Join us for this informative event that could help you preempt and avert cyberattack risk by better understanding how compliance can improve cybersecurity.
