7 Key Takeaways from DSIT’s Cyber Security Breach Survey 2024

Each spring, the Department for Science, Innovation and Technology (DSIT), releases its Cyber Security Breaches Survey. This survey acts as a well-trusted ‘temperature gauge’ of cyber security and resilience within the UK cyberspace and, although it is intended to inform the UK government, it is also a useful resource for SMEs and charities.

We share seven top takeaways from the survey and explore how they give us an idea of the biggest threats we face and how we can deal with them.

Breaches aren’t going anywhere

According to DSIT’s research, 50% of businesses and 32% of charities reported some form of cyber security breach.

These figures are highest for medium and large businesses, with 58% of small businesses also hit with a breach in the past year.

This hits home the fact that cyber security measures are as crucial as ever for businesses and charities of all sizes. In fact, the probability of experiencing cybercrime increases daily so becoming more cyber resilient should be top of the agenda for all organisations.

Attacks are happening more regularly

One positive to take from the report is that the average cost of a single breach is £1,205 – comparatively low to years gone by.

However, the regularity of breaches has increased, meaning the cumulative cost of attacks can be far higher.

While larger businesses may be able to cope with these costs, it could be detrimental to charities and SMEs. It’s not just the immediate physical costs of recovering from cybercrime either; the collateral damage caused by tarnished reputation, loss of customers and even staff is far reaching.

Don’t take the bait

Many of us have first-hand experience of phishing scams. Scammers pose as trustworthy contacts, asking for personal information or for you to click a malicious link via email, social media or messaging apps.

While regular phishing targets large groups of people, a more potent and targeted version, spear phishing, can feature information relevant to the receiver, making it seem more legitimate. This often involves personalised scams aimed to trick the victim into divulging sensitive information, downloading malware or transferring money to the attacker.

Phishing is one of the most widely discussed types of scam, yet it’s still incredibly common. Therefore, it isn’t surprising that the DSIT’s report found that 84% of businesses and 83% of charities reported being targeted by one in the past 12 months.

Raising awareness of Cyber Essentials

At Hubtel IT, we’re big proponents of Cyber Essentials, yet only 12% of businesses and 11% of charities know about it.

More worryingly, only 3% of businesses and charities report adhering to Cyber Essentials.

Cyber Essentials is a Government-backed scheme that businesses and charities to implement basic yet effective cyber security measures. Achieving certification helps them to demonstrate their commitment to cyber security and for organisations bidding on government contracts, Cyber Essentials may also be mandatory. Interestingly, Hubtel IT have seen an uptake in Cyber Essentials for their private sector clients in recent years and predict that it will soon become mandatory for all UK organisations to adhere to this certification.

Find out more about Cyber Essentials.

Don’t forget supply chain risks

Although cyber risk management awareness has broadly improved, supply chain risks are often forgotten.

Supply chain attacks, which involve attackers using third-party tools or services to infiltrate systems or networks, are set to cost the global economy £107.6 billion by 2031 – so this requires urgent attention.

Needing a plan in place

Many businesses say they would take action when faced with a cyber incident – but how?

The DSIT report found that just 22% of businesses and 19% of charities have a formal incident response plan. This suggests that SMEs and charities are not well-prepared for the worst-case scenario.

Creating a detailed incident response plan can be challenging if you don’t know where to start. Find out how Hubtel IT can help put a plan in place to ensure your systems stay cyber secure.

Basic cyber security is widespread

Simple cyber security measures are on the rise across all businesses. Since most cyber threats are unsophisticated, organisations can protect themselves with pretty simple measures.

Most businesses have a wide variety of measures in place:

• Using up-to-date malware protection (83% – up by 7%)
• Restricting admin rights (73% – up by 7%)
• Network firewalls (75% – up by 9%)
• Agreed processes for phishing emails (54% – up by 6%)

These are even more promising than they first look, as basic cyber security measures had actually been decreasing in recent years.

If this article has opened your eyes to ongoing cyber threats, opportunities to tighten your security and hidden threats that you may have overlooked, Hubtel IT can help.

Cybercrime costs the country billions and, with attacks becoming more sophisticated by the day, now is the time to act. Having a plan in place is paramount if you want to prevent attacks of all kinds.

Get in touch with us today to start your journey towards increased cyber security.