DCMS Cyber Security Breaches Survey 2020

The UK Department for Culture, Media and Sport (DCMS) has revealed that nearly half the UK’s businesses (46%) were faced with cybersecurity attacks or breaches in the last 12 months.

The department’s Cyber Security Breaches Survey 2020 is an annual quantitative and qualitative study of 1,348 businesses and 337 registered charities across the UK. This year’s study revealed that cyber attacks have not only evolved but have become more frequent, with the highest number of reported incidents amongst medium-sized businesses (68%), large businesses (75%) and high-income charities (57%).

The DCMS said that while the results for businesses are in line with those reported in 2017, the results for charities showed an increase from 19% in 2018 to 22% in 2019. In the last year, a quarter of charities (26%) were attacked.

Since 2017, the nature of cyber-attacks has also been different. An increasing number of businesses have reported being hit with phishing attacks – up from 72% in 2017 to 86% today. But fewer businesses reported attacks in the form of viruses or other malware (down from 33% to 16%).

Encouragingly, UK organisations have become better at dealing with breaches and attacks according to the DCMS. It found that organisations are now less likely to report negative outcomes or impacts from cyber breaches, and are more able to make a quick recovery.

That said, another report by the DCMS revealed that 653,000 businesses (48%) lack sufficient technical, incident response and governance skills to handle the threats they’re faced with. These businesses are not confident they can perform even the basic tasks listed in the government-endorsed Cyber Essentials scheme. Nor are they currently getting support from external cyber security providers.

The most common skills gaps identified were in creating configured firewalls, detecting and removing malware, and storing or transferring personal data. But almost 408,000 businesses (30%) have more advanced skills gaps in areas such as penetration testing, security architecture and forensic analysis. A quarter (27%) said they don’t have sufficient skills when it comes to incident response.

Cybersecurity staffing and training remain key challenges for UK businesses, with almost two-thirds (62%) reporting they are recruiting staff who have, or are working towards, cyber security-related qualifications. Sixty-eight per cent of companies reported that they had tried to fill a cyber security role within the last three years, but 35% had found those vacancies difficult to fill.

SynergySix Opinion

These findings will not come as a surprise to many organisations. The issue of the cybersecurity skills shortage is ongoing and persistent – making the ability to bridge between evading current threats whilst hiring experienced cyber professionals a tough challenge.

The COVID-19 crisis has simply exacerbated things even more and has resulted in a dramatic uptick in cyber-attacks against organisations and individuals, as criminals seek to take advantage of the situation. However, it has proven easier to create a brand new 4,000-bed hospital in London’s ExCel from scratch than to recruit and train thousands of cyber professionals to help tackle the surge in attacks.

Businesses needing to access skills quickly, or supplement stretched internal teams, should consider engaging with managed security service providers (MSSPs), which have the capabilities to provide a much-needed breathing space while they focus their energies on pressing commercial issues and business continuity. With time both a luxury and a limiting factor, the cost of a phone call or video conference may provide a business with the insights needed to manage this vital area. As a result, SynergySix expects MSSPs to see a substantial increase in demand for their services in the coming weeks and months.