2019 UK Data Breach Statistics You Need to Know

Written by SysGroup Marketing

According to research by the Department for Digital, Culture, Media & Sport, cyber security breaches are still a massive threat to UK businesses of all sizes. We've sifted through their statistics and pulled out some of the most surprising ones. They reveal important lessons to learn for daily cyber security awareness as well as your wider IT security business strategy.

1) 32% of businesses identified cyber security breaches or attacks in the last 12 months, costing an average of £4,180 in lost data and assets.

The percentages are much higher amongst bigger targets like:

  • medium businesses (60%)
  • large businesses (61%) and
  • high-income charities (52%).

What we can learn:

It is very tempting to brush off the risk of a cyber attack, hoping that only larger businesses need to develop a robust security strategy. After all, 61% of large businesses reported cyber security breaches last year! However, nearly 1 in 3 small businesses reported the same, making breaches a substantial problem, no matter your size.

Security Awareness Training is one way to help everyone in your organisation understand the threats posed by cyber crime. This kind of training relies on real-life scenarios. It 'borrows' from the tactics used by real hackers, including simulations of phishing emails and tips to help you spot suspicious files or activity on your system.

Thankfully, according to the survey, businesses are more likely (57% up from 51%) to have had staff attend some kind of cyber security training in the last year, showing a positive trend.

2) Of those businesses and charities who reported cyber security breaches or attacks, the most common types were: (1) phishing attacks, (2) others impersonating an organisation in emails and online and (3) malware, including viruses, spyware or ransomware.

As we have been trained to spot the more obvious spam messages, phishing scams have evolved into more subtle and measured forms of social engineering. These attacks tend to have a much higher success rate. Only about 3% of malware tries to exploit an exclusively technical flaw. The other 97% instead targets users through social engineering (Source).

What is social engineering? 

The use of deception to manipulate individuals into divulging confidential or personal information that may be used for fraudulent purposes.

What we can learn:

Staff awareness is still a significant factor in combating these types of breaches. Additionally, a robust IT security strategy involving specific tools like email security, firewalls, endpoint security and network monitoring will help significantly to protect your business.

Our blog archives are home to a wealth of practical tips and strategies for protecting and defending against malware, phishing scams and social engineering. Why not explore some of them?

3) Only 16% of businesses and 11% of charities in this survey have formal cyber security incident management processes in place.

Within large firms and higher-income charities, these figures increased: 57% and 37% respectively.

What we can learn:

More businesses are moving cyber security into boardroom discussions, which we encourage. However, making decisions about your cyber strategy without enough information can feel a bit like walking in the dark without a torch! Although many C-suite executives want to be involved in decisions about cyber security, they are willing to admit that they only know the basics.

This is where a consultation with a managed IT security provider can be incredibly helpful. With expertise on the latest technologies to secure your network, they can also help your firm to create a more comprehensive IT security strategy and a cyber security incident management process. You'll gain confidence that your business can quickly recover from an attempted breach, and your team members will be clear on who to alert and what to do if they suspect a breach has occurred.

