Cyber Security Measures Improving But UK Firms Still Vulnerable

Cyber attacks aimed at UK businesses and charity organisations appear to be decreasing. However, businesses that are targeted and attacked appear vulnerable to repeated threats.

According to the Cyber Security Breaches Survey 2019, released by the Department for Digital, Culture, Media and Sport, 32% of businesses and 22% of the charity sector reported that their cyber security had been breached in the last year; this was down from 43% in 2018’s report and 46% in 2017.

Worryingly, a third of all attempted cyber attacks resulted in a loss of data or assets. For law firms holding a mass of personal data and client money, the report highlights the importance of improving cyber security measures.

Whilst the number of firms experiencing data breaches is declining, the financial impact has been a lot more severe, with the mean loss to a business rising to £4,180. This figure represents a 24% increase from the £3,160 loss to each business documented in 2018’s report.

It would appear that businesses and charities are treating the cyber risk with the respect it deserves and have massively increased their cyber security defences within the last year. 33% of businesses and 36% of charities now have a robust written cyber security policy embedded within the firm's security policies. For businesses, this represents a 6% increase from the 27% recorded in 2018; for charities, it is a massive 15% increase.

With so many organisations worried about the vulnerabilities that people within their organisation can cause, the charity sector has doubled the cyber security training it offers staff within the last year. 29% of charitable organisations now ensure all staff are trained to prevent further attacks. Similarly, over a quarter of businesses (27%) now train their staff; this has increased from a fifth in 2018.

Of the organisations that found they had been breached, 80% of businesses and 81% of charities had experienced sustained phishing attacks and threats in 2018, and 28% of businesses and 20% of charities found themselves vulnerable to impersonation attacks both through email and online. With figures like these, the importance of training staff to recognise these threats becomes extremely clear.

As the government looks to embed the five technical areas listed under the Cyber Essentials certification, 56% of businesses have responded and are now protected in these areas, an improvement of 5% from a year earlier. Two fifths of charitable organisations (41%) are also compliant. This figure has significantly increased from only 29% of charitable organisations protecting themselves just a year earlier.

Even though a lot of progress is being made, the report emphasises that both businesses and charities need to develop a wider range of cyber security processes to combat the cyber threat in the future. Only 16% of businesses and 11% of charities have implemented any formal cyber security incident management processes. Whilst this represents a 3% increase from a year earlier, the uptake remains extremely low and suggests that inconsistencies in dealing with cyber attacks could result in further vulnerabilities.

Additionally, the report has found that only 18% of businesses and 14% of charities insist on their suppliers following any cyber security standards. Law firms dealing with suppliers, whether they be related to digital devices or not, could inadvertently cause a loss of data if those suppliers are poorly protected from cyber attacks.

In a statement, insurance specialists ABI commented:

“The fall in reported cyber attacks is encouraging, but with the financial losses of these incidents continuing to rise, there can be no room for any cyber crime complacency. The rise in the number of large and medium sized firms having cyber insurance reflects greater awareness of the value of this cover, as insurers play a vital role in supporting customers to recover from an attack, and in helping them manage the cyber threat. But we need to do more to promote this insurance to smaller firms, who are often the least protected against cyber criminals.”

Is your business adequately protected against the threat of cyber attacks? Does your firm adhere to the golden triangle of cyber protection – people, processes, technology?
