Just under half of all businesses in the U.K. identified at least one security breach or attack in the past year, according to the U.K. government’s Cyber Security Breaches Survey 2017.
The Cyber Security Breaches Survey 2017 found that among the 46 percent of companies that identified a breach or attack, fraudulent emails were received by 72 percent, making it by far the most common type of breach. Viruses and malware (33 percent), online impersonation of the organization (27 percent) and ransomware (17 percent) were the next most common.
The survey also found that although “human factors” often contribute to breaches, only 20 percent of organizations provide staff cybersecurity training, and only 33 percent have formal policies.
A study released by EDC earlier this month also showed two-thirds of companies lack a cybersecurity policy.
“The findings suggest that the prevalence of ransomware in particular has heightened awareness and made cyber security a more urgent issue for a wider range of businesses,” according to the report authors. “The qualitative survey in particular highlights how businesses in sectors that may not expect to be targeted are falling victim to costly ransomware attacks. Such attacks also highlight the inherent value of the data that businesses hold, beyond personal or financial data – with attacks on any kind of data potentially stopping businesses from carrying out day-to-day work and putting relationships with customers at risk.”
Despite the high profile vulnerability of the U.K.’s National Health Service to WannaCry through unsupported web-facing Windows XP computers, more companies overall regularly update their software (92 percent) than provide guidance on acceptable passwords (69 percent), although 91 percent of large companies provide password guidance.
Two-thirds of medium and large business suffered breaches, compared to only 45 percent of small or “micro” businesses. The most common impact suffered by those with a breach was the temporary loss of files (23 percent), followed by software or system corruption (20 percent), and permanent file loss (10 percent).
The number of U.K. businesses with websites and social media accounts increased by 8 and 9 percent to 83 and 59 percent respectively, and the number using cloud services rose from 49 to 59 percent.