British organisations are being urged to boost their cyber standards following official data which reveals a surge in online attacks, with nearly a third of firms being hit every week.
The Cyber Security Breaches Survey 2022 report from the Department for Digital, Culture, Media & Sport shows the frequency of cyber attacks is rising, although the number of organisations which experienced an attack or breach remained the same as 2021 levels, suggesting that most have still not done anything to tackle the issue.
Almost a third of charities (30%) and two in five businesses (39%) reported cyber security breaches or attacks in the last 12 months.
And, despite the National Cyber Security Centre maintaining it is not aware of any current specific cyber threats to UK organisations in relation to events around Ukraine, it is calling on organisations to follow simple steps in its guidance to reduce the risk of falling victim to an attack.
Small businesses are being urged to adopt the Cyber Essentials scheme to protect against the most common cyber threats, such as phishing attacks, and use the Small Business Guide to improve cyber security practices.
Meanwhile, larger organisations are being told to use the Board Toolkit to get company executives to act on cyber resilience and charities should follow the Small Charity Guide to boost cyber security operations.
Cyber Minister Julia Lopez said: “It is vital that every organisation takes cyber security seriously as more and more business is done online and we live in a time of increasing cyber risk.
“No matter how big or small your organisation is, you need to take steps to improve digital resilience now and follow the free government advice to help keep us all safe online.”
Following a wave of high profile attacks over the past year including on Kaseya, Colonial Pipeline and Microsoft Exchange, there has been increased attention on the cyber security of supply chains and digital services.
Four out of five senior managers (82%) in UK businesses now see cyber security as a ‘very high’ or ‘fairly high’ priority, up from 77% in 2021. This is a significant increase and the highest figure seen in any year of the cyber security breaches survey, DCMS confirms.
The report also found four in ten businesses (40%) and almost a third of charities (32%) were using at least one managed service provider but only 13% of businesses reviewed the risks posed by immediate suppliers.
The Government is aiming to strengthen critical businesses’ cyber resilience by updating the Network & Information Systems (NIS) Regulations which set out cyber security rules for essential services such as water, energy, transport, healthcare and digital infrastructure.
It is hoped that this will ensure the legislation remains effective and keeps pace with technology. It includes proposals to expand the NIS Regulations to include managed service providers which essential and digital services depend on to operate, to minimise the risk of attacks.
Related stories
ICO updates cyber attack guidance as Russia fears rise
Ukraine invasion fuels cyber attack warning to UK firms
New cyber security laws threaten mega fines for firms
Spy chief warns of ‘alarming’ increase in ransomware
UK firms issued red alert as Microsoft hack escalates
Gold diggers: cyber criminals driven by the filthy lucra
Hack attack fears push UK cyber security to over £8bn
Data breaches, not rogues, are ICO Public Enemy No. 1
Maasdam busters: Netherlands is EU cybercrime capital