While fewer businesses are suffering from cyber attacks or breaches, those attacks that do occur are becoming more costly and targeted. According to the latest Government figures published in ‘The Cyber Security Breaches Survey 2019’, around one-in-three businesses (32%, in fact) have become the victims of an attack or breach in the past 12 months. While this figure is lower than in 2018 (when it stood at 43%) and in 2017 (46%), those who were victims typically reported facing six attacks compared to just two in 2017.
The figures from the Department for Digital, Culture, Media and Sport also show that phishing attacks (identified by 80% of victims) and others impersonating an organisation (28%) – both of which rely on human error – are now more common than viruses, spyware or malware attacks (27%).
The report documents that businesses have increased their defences, but suggests that attacks are becoming more focused.
Jon Abbott, CEO of IT services provider Priority One and founder of cyber security platform ThreatAware, believes the figures reflect the trends the industry’s already seeing.
“Attacks are becoming more targeted and costly and cyber criminals are becoming more sophisticated,” observed Abbott. “As IT teams shore up their defences, attackers are choosing softer targets and preying on people instead. They recognise that humans are now the weakest link in the chain and, increasingly, the targets for determined attackers are directors and senior decision-makers.”
Abbott continued: “This demonstrates that cyber security is no longer just an IT issue, but rather a company-wide challenge. It’s one which involves people throughout the organisation and needs to be overseen at Board level.”
The report highlights that 30% of attacks had a negative outcome, resulting in loss of data or assets with the average (mean) cost to the business being £4,180, which is higher than in 2018 (£3,160) and 2017 (£2,450).