UK Cybersecurity Breaches: from 2020 to Now

It’s been a busy year for the online world of work. At the beginning of the UK lockdown last March, the majority of organisations were given the order to work from home where possible, or offer furlough to workers unable to. The uptake and hasty adoption of remote working solutions and practices naturally led to greater strains on organisational cybersecurity. Businesses have faced challenges in combatting an increase in attacks from phishing, social engineering, and ransomware.

Last week, the UK government released their Cybersecurity Breaches Survey for 2021 – a detailed report compiling the state of cyberbreach in the UK over the last 12 months.

In order to fully understand the impact that the pandemic has had on UK cybersecurity, and (chiefly) the safety of remote work in the present day, we’ve highlighted some of the key statistics from this year’s report and put them side by side to the year before.

General breach

The immediate reaction of UK organisations, as a whole, in response to the shift to remote working can only be applauded. In the 2020 report, 46% of businesses reported a data breach incident in the previous 12 months; this number has dropped by 7% this year to 39%. Even charities have managed to stay level, with 26% reporting a breach incident.

That being said, there’s still a long way to go in terms of optimising cybersecurity overall in order to see those numbers reduce. Some experts say that the lower number of incidents suggests IT teams are actually less aware of attacks on their organisation.

A key indicator that this may be the case is the rise in the average cost of a data breach. In 2020, the overall figure totalled just over £3,000. Exclusively for medium to large firms, this number was just over £5,000. In 2021’s report, this number has risen to an overall of £8,500, and in medium to large firms alone, £13,400. To put this into perspective, that’s approximately a 160% increase in both cases.

Why might this be?

It’s no surprise that this year has brought with it more burden when it comes to cybersecurity breaches – COVID-19 brought along opportunity for cyberattackers and APT actors to exploit the remote working world.

This year, 5% fewer businesses are deploying security monitoring tools, likely due to difficult in operation with a remote workforce. Worryingly, it was also found in 2021’s survey that 32% of large businesses are still using laptops with unsupported versions of Windows, opening up the company and its network with some of the most basic and visible vulnerabilities. All it takes is one vulnerable device for a hacker to compromise the business network, and this alarming finding suggests that it’s in 1 of every 3 large corporations.

Prevention efforts also felt the effects of the pandemic. Up-to-date malware protection in businesses and charities is down by 5% and 11% respectively, as are network firewalls by 15% in both sectors.

What can be done to improve the security of organisation’s working remotely?

An element of good news from this year’s findings is that 1 in 3 businesses and 1 in 5 charities have adopted the use of a VPN for work, protecting the online day-to-day tasks and browsing of their employees. Whilst this uptake is encouraging, the numbers are still low, with the risk posed from online still being extremely high.

To properly secure operations and communications, businesses need to ensure they are securing their remote workers in the best way possible; people have been cited as one of the main causes in a data breach incident, often through negligence.

Serbus are the experts when it comes to securing the remote worker. Our solutions seek to secure workforces to any level, even up to Official Sensitive, and we excel in consulting with our clients to find the vulnerabilities many might not be able to recognise. To speak with us about how we can help you, get in touch at [email protected], or call our office on +44 1432 870879.