News
Comment: Gov releases abject cyber security breaches survey
April 2024 by Andy Kays, CEO Socura
This morning, the UK Government published data from its annual Cyber security breaches survey for 2024 – aligned with the National Cyber Strategy.
There are some abject figures in the report, demonstrating that UK businesses (especially small businesses) are doing very little to prevent, detect or respond to data breaches. Especially section 5, which focuses on how businesses respond to incidents. Few businesses report a breach, and more than a third (39%) said that no action was taken in response to their most disruptive breach in the last 12 months.
Andy Kays, Socura CEO:
“It is incredibly disappointing to see such disregard for cyber security among the UK’s small business community. Despite years of warnings from experts, countless data breach headlines, and increased regulatory action, this issue still isn’t on their radar.
“Only a fraction of UK businesses have any kind of formalised incident response plan, which I find astounding. Businesses will always have a plan in case of a fire, but will not apply the same due care for a data breach – which is statistically much more likely. It flies in the face of common sense.
“A lot of these responses seem stuck in the past. Most businesses’ experience with cyber incidents seems limited to phishing attempts, and their default response is to conduct security awareness training if they do anything at all. In the event of a breach, businesses are not keeping records, not informing the police or regulators, not assessing the scale and impact of the incident. They are failing to do the bare minimum. It’s also important to note that businesses are doing very little to prevent or detect breaches in the first place.
“The estimated financial cost of a data breach in this survey is far far lower than other sources. I think we need to treat the Government’s £1205 figure with caution. Obviously this survey skews towards smaller businesses than many other surveys, so the numbers will be smaller. We know that large enterprise businesses can lose millions in the event of a data breach due to the disruption, reputational impact and share price drop. The ICO can also impose serious fines to businesses that fall foul of GDPR
