The U.K. government recently unveiled its highly anticipated 2023 Cyber Security Breaches survey, offering a comprehensive analysis of the cybersecurity landscape over the past year.
This report not only provides valuable insights into the state of cybersecurity within the UK, but it also delivers actionable information that can be applied to organisations worldwide.

Aligned with the UK’s National Cyber Strategy, this survey sheds light on the challenges faced by organisations, the increasing demand for skilled professionals, and the persistent struggle to fill crucial cybersecurity positions.
Cybersecurity Skill Gap
The findings in this 2023 cybersecurity skills gap report clearly show that organisations are fighting an uphill battle against cyberthreats—incurring more breaches, in need of skilled professionals, and continuing to struggle to fill key positions.
fortinet.com
The findings from the 2023 cybersecurity skills gap report present a stark reality—organisations are engaged in an ongoing battle against cyberthreats.
Incidents of breaches continue to rise, creating an urgent need for proficient cybersecurity professionals.
68 records are lost or stolen every second.
Furthermore, organisations face significant difficulties in filling key positions essential for combating these threats effectively.
Cybersecurity UK: A Necessity for All, Yet Challenging for Small and Medium Businesses
The report emphasizes that while cyber threats can vary in sophistication, the most common ones are relatively unsophisticated.
To protect organisations, a series of cyber hygiene measures should be implemented. These measures include updating malware protection, backing up data to the cloud, restricting privileges, and more.
However, certain cybersecurity practices remain less prevalent among organisations. These include two-factor authentication for networks and applications, separated Wi-Fi networks for staff and visitors, user monitoring, VPN for remote employees, and the timely application of software updates.
The research highlights a growing cyber hygiene challenge specifically faced by small and medium enterprises (SMEs). These companies have encountered increased costs across various levels due to the economic uncertainties brought about by the COVID-19 pandemic, inflation, and rising energy prices.
Consequently, small businesses and low-income charities have been compelled to reduce their investment in various cyber hygiene measures. In contrast, large businesses have been able to maintain their cyber hygiene levels without significant reductions.
Top Cybersecurity Threats: Identifying the Challenges
Approximately one-third of businesses and a quarter of charities reported experiencing a cybersecurity breach or attack.
Larger businesses have proven more adept at detecting breaches or attacks. The most prevalent types of breaches or cyberattacks identified are as follows:
- Phishing: Phishing attacks remain the most significant threat, accounting for 79% of attacks on businesses and 83% of attacks on charities.
- Impersonation: Impersonation represents 31% of cybersecurity attacks on businesses and 29% on charities.
- Malware Risks: Businesses face malware risks in 11% of cases, whereas charities face them in 9% of cases.
- Hacking of Online Banking Accounts: Businesses reported hacking or attempted hacking of online banking accounts at a rate of 11%, while charities experienced a lower rate of 6%.

Handling Security Incidents: Preparedness and Response
Between a quarter and a third of businesses and charities have established specific roles and responsibilities to handle security incidents.
Roughly a quarter possess guidelines for external reporting and notification procedures. However, only 21% of businesses and 16% of charities have a formal incident response plan. Additionally, 13% of businesses and charities have external communications and public engagement plans.
Preventing future incidents predominantly involves additional staff training or communications. Surprisingly, less than 10% of businesses and charities took proactive measures such as installing, changing, or updating antivirus or antimalware solutions, modifying firewall or system configurations, or updating passwords. Alarmingly, over a quarter of organisations did not take any action at all.
Conclusion | How to improve cybersecurity practices
The U.K. government’s 2023 Cyber Security Breaches survey highlights the increasing costs and financial challenges faced by small organisations since the onset of the COVID-19 pandemic. Unfortunately, this has led to the deprioritization of cybersecurity for some of these entities.
In contrast, larger organisations have maintained their security priorities, with some taking specific actions in response to geopolitical events and threats from state actors, particularly those with a strong international presence.
It is evident that cybersecurity best practices can be improved across organisations of all sizes. One crucial aspect is fostering better communication and visibility between cybersecurity or IT roles and the wider staff, including management. Building trust in these relationships is paramount, and it often goes hand in hand with effective cybersecurity training and awareness programs.