Latest News

Cyber-security – the risk that keeps evolving

6 July 2022

2022 Cyber-security Breaches Survey

Every year, the Department for Digital, Culture, Media & Sport commissions the annual 2022 Cyber Security Breaches Survey as part of the National Cyber Security Programme. This report surveys UK employers about their cyber-security experiences, including cyber-attacks and data breaches. This infographic provides an in-depth overview of the survey’s findings.

The use of technology in daily operations continues to grow within organisations across sectors. The
vast majority of businesses and charities already depend on at least one type of digital service—such as
an online bank account, email, social media or electronic data storage—and the use of these solutions
continues to increase. Furthermore, the rising popularity of remote and hybrid work arrangements has
spurred even greater dependence on technology for everyday operations.

While workplace technology can provide a wide range of benefits to organisations, the risks that come
with wider implementation are significant. In the past year, 39% of businesses and 30% of charities have
experienced a cyber-security breach or cyber-attack. Of those organisations, 31% of businesses and
26% of charities estimated they were attacked at least once per week during that period. Furthermore,
the consequences of these attacks are generally severe—lost or stolen data, business interruptions, costly non-compliance fines under the General Data Protection Regulation (GDPR) and reputational damages
often accompany a data breach.

There are many different types of cyber-attack methods that hackers may utilise; last year, the most common method by far was phishing. Among the businesses and charities that experienced a cyber-attack within the past 12 months, 83% and 87%, respectively, reported being targeted by phishing attacks.

The second most common type of cyber-incident was impersonation, which 27% of businesses and 26%
of charities experienced. These patterns generally remained consistent with trends from previous years.
Following a slight dip in 2021 in the rate of organisations that prioritised cyber-security, both businesses
and charities rebounded in 2022. Last year’s survey found that 77% of businesses and 68% of charities
rated cyber-security as a high priority, representing a slight decrease for both groups compared with respective percentages of 80 and 74 in 2020. However, in 2022, those figures climbed back up to 82% for
businesses and 72% among charities.

Another positive sign shows that 93% of businesses and 89% of charities now have at least some degree of cyber-incident response procedures in place—a sizeable increase over last year’s survey results of
66% and 59%, respectively. However, the degree of cyber-incident readiness varies greatly depending
on organisation size. For example, only 12% and 4% of microbusinesses (one to nine employees) and
charities take action to address supply chain cyber-risks, giving cause for concern; smaller organisations
compose a high proportion of the UK population and are often more reliant on outsourced IT providers.

It’s also worth noting that the coronavirus pandemic has had an impact on cyber-security. COVID-19
forced many organisations to improvise and expand their use of technology in order to accommodate
remote work arrangements. Even though the conditions surrounding COVID-19 may now make it possible for workers to return to a traditional work environment, remote and hybrid work environments have
continued to be common. Remote workers may be seen as easy targets for cyber-criminals, as many
organisations remain exposed to cyber-threat risks among these employees.

Additionally, in the past 12 months, 54% of businesses have acted to identify cyber-security risks. The
most common action (taken by 35% of businesses) was using security monitoring tools. This figure
remains the same as last year’s survey but continues to represent a decrease from 40% in 2020. Slightly
more charities utilised such tools, with the percentage having increased from 25% in 2021 to 27% this

In addition, while phishing remained the most common type of cyber-attack, only 19% of businesses and
15% of charities tested staff with mock phishing exercises—indicating potential cyber-security vulnerabilities. However, most businesses (96%) and charities (87%) are utilising at least some cyber-security protections. For businesses and charities, respectively, the most common security solutions include malware protections (83% and 68%), password policies (75% and 57%) and network firewalls (74% and 56%).

These cyber-security measures are critical for helping organisations mitigate cyber-risks, but there is still
more that can be done as threats become more creative. For instance, two-factor authentication (requiring multiple steps to log into a system) is currently only utilised by approximately a third of businesses (37%) and charities (31%). Even then, two-factor authentication usage skews more toward large and medium-sized businesses, particularly in the information and communications sector (63%). Comparatively, only 18% of businesses in the food and hospitality sector use two-factor authentication. Among utilities, production and manufacturing businesses, only 28% use it.

Ultimately, these and other figures from the survey illuminate potential areas where organisations can
build out their cyber-security efforts. With that in mind, we are proud to present our summary of the
2022 Cyber Security Breaches Survey, commissioned by the Department for Digital, Culture, Media &
Sport as part of the National Cyber Security Programme.

As you read through these statistics, consider what you can do to bolster your organisation’s cyber-security practices and GDPR compliance efforts. Don’t miss out on the expansive digital service opportunities or resign your organisation to cyber-attacks because of a lack of cyber-security. Protect your operations and ensure digital success with cyber-risk management guidance and insurance solutions, available by contacting us today.

The full article can be found here.

Cyber-security - the risk that keeps evolving