
Room for more cybersecurity over and above GDPR

The Cyber Security Breaches survey is part of the National Cyber Security Strategy, which aims at making the UK the safest place to live and work online

An annual survey has illustrated the changing attitudes of organisations towards cybersecurity. According to the survey, the General Data Protection Regulation (GDPR) has accelerated the pace of change across organisations. However, GDPR has had some unintended consequences.

GDPR has led some organisations to frame cybersecurity largely in terms of avoiding personal data breaches. These organisations were less focused on other kinds of breaches or attacks. They typically had a narrower set of technical controls in place.

Though GDPR appears to have had a positive impact on cybersecurity, organisations still need to make progress beyond GDPR. They may need to think more holistically about the issue.

There is still more that organisations can do to protect themselves from cyber risks. This includes taking important actions that are still relatively uncommon, around board-level involvement in cyber security, monitoring suppliers and planning incident response.

The Cyber Security Breaches survey is a quantitative and qualitative study of UK businesses and charities. It helps these organisations to understand the nature and significance of the cybersecurity threats they face. They also get to know what others are doing to stay secure. It also supports the government to shape future policy in this area. It has been carried out for the Department for Digital, Culture, Media and Sport (DCMS).

Do more against cybercrime

The survey results show a reduction in the percentage of businesses suffering a cyber breach or attack in the last year: 32% of businesses identified a cybersecurity attack in the last 12 months, down from 43% in the previous year.

The reduction is partly due to the introduction of tough new data laws under the Data Protection Act and the GDPR. 30% of businesses and 36% of charities have made changes to their cybersecurity policies and processes as a result of GDPR coming into force in May 2018.

However, among those businesses that did suffer attacks, the median number of breaches has risen from 4 in 2018 to 6 in 2019. Businesses and charities suffering cyber attacks and breaches therefore appear to be experiencing more attacks than in previous years.

The average cost of a cyber attack on a business has gone up by more than £1,000 since 2018 to £4,180. The most common breaches or attacks were phishing emails. These were followed by instances of others impersonating the organisation online, and by viruses or other malware, including ransomware.

Business leaders are now being urged to do more to protect themselves against cybercrime.

Working with industry and education

Digital Minister Margot James said: “Following the introduction of new data protection laws in the UK it’s encouraging to see that business and charity leaders are taking cybersecurity more seriously than ever before. However, with less than three in ten of those companies having trained staff to deal with cyber threats, there’s still a long way to go to make sure that organisations are better protected.

“We know that tackling cyber threats is not always at the top of business and charities’ list of things to do, but with the rising costs of attacks, it’s not something organisations can choose to ignore any longer.”

Through the CyberFirst programme, the government is working with industry and education to improve cybersecurity. Additionally, they intend to get more young people interested in taking up a career in cyber.

The Cyber Discovery initiative has already encouraged 46,000 14-18-year-olds to get on a path towards the cybersecurity profession. Over 1,800 students have attended free CyberFirst courses. Nearly 12,000 girls have taken part in the CyberFirst Girls competition.

Business and charity leaders have materials to help make sure that they don’t fall victim to cyber attacks. These are available through the National Cyber Security Centre (NCSC).

Clare Gardiner, Director of Engagement at the NCSC, said: “We are committed to making the UK the safest place to live and do business online, and welcome the significant reduction in the number of businesses experiencing cyber breaches. However, the cybersecurity landscape remains complex and continues to evolve, and organisations need to continue to be vigilant.

“The NCSC has a range of products and services to assist businesses, charities and other organisations to protect themselves from cyber attacks, and to deal with attacks when they occur. These include the Board Toolkit providing advice to Board level leaders and guides aimed at small businesses and small charities.”

There is a mismatch between the demand for and the availability of cybersecurity skills in the UK that could affect the public sector’s resilience against the next WannaCry.

Managing cyber risks

The threat of cyber attacks remains very real and widespread in the UK. The figures show that 48% of businesses and 39% of charities identified at least one breach or attack every month.

Cybersecurity is becoming more of a priority issue, especially for charities. The proportion of charities treating cybersecurity as a high priority has gone up to 75% in 2019. The figure was just 53% the year before and is now at the same level as for businesses.

The National Cyber Security Centre is urging small businesses and charities to take up tailored advice. All businesses should consider adopting the Ten Steps to Cyber Security, which provides a comprehensive approach to managing cyber risks. Implementation of the 10 steps will reduce the likelihood and cost of a cyber attack or cyber-related data breach.

Organisations can also raise their basic defences by enrolling on the Cyber Essentials initiative. They can follow the regularly updated technical guidance on the Cyber Security Information Sharing Partnership, available on the NCSC website.
