Cyber security in the UK: current challenges and response strategies

In early April, the UK's Department for Science, Innovation and Technology (DSIT) released the Cybersecurity Breaches Survey 2024, offering a comprehensive overview of the cybersecurity landscape in the country. The report analyzes various types of cyber attacks and digital crimes affecting private sector businesses, charities and educational institutions, the impact on these organizations and their response strategies. This document serves as a sort of “State of the Nation” of cybersecurity, offering valuable details for the entire cybersecurity community. Unfortunately, the survey confirms what we already knew: cybersecurity in the UK still has a long way to go, but hopefully reports like this can catalyze significant improvements.

The problem of the stairs

The report confirms that cyber breaches and attacks are an extremely pressing issue for the UK. 50% of businesses and 32% of charities have experienced at least one attack or breach in the last 12 months. However, the risk is uneven: medium-sized businesses (70%), large businesses (74%) and charities with incomes over £500,000 (66%) were more frequently affected than smaller organisations. Phishing remains the most common threat, with 84% of businesses and 83% of charities reporting this type of attack. Despite the prevalence of phishing, only 54% of organizations have agreed-upon processes to manage phishing emails, signaling a worrying gap in basic protection measures.

Supply chain risks

61% of mid-sized companies and 72% of large enterprises adopted a cyber risk assessment last year. Similar rates are found in the implementation of security monitoring tools. However, only 31% of enterprises overall have performed a risk assessment, while just 33% have implemented security monitoring tools. This is concerning as small businesses are often part of larger supply chains, making them prime targets for attackers aiming to breach larger organizations. Strangely, despite a growing awareness of supply chain risks, many organizations, especially smaller ones, do not take formal action to mitigate them. This misalignment could lead to a significant increase in attacks on supply chains in the UK over the next year.

The perception of cybersecurity

Encouragingly, 75% of businesses and 63% of charities consider cybersecurity a high priority for their senior management, a higher percentage than the previous year. However, for organizations that already considered cybersecurity a marginal priority, interest has waned further. Businesses in the information and communications, finance and insurance, and health and social care sectors tend to place greater importance on cybersecurity than other sectors. Worrying is the fact that in the agricultural sector, despite fears over geopolitical tensions, cybersecurity is not as much of a priority (59% compared to 75% of other companies). This lack of preparation could lead to significant consequences for the agricultural sector in the coming months. In summary, the report paints a mixed picture, with reasons for both optimism and concern. However, the important thing is that organizations take the findings seriously and adapt their security programs accordingly.