Report queries government cyber security support awareness
Survey of over 1,500 enterprises questions current effectiveness of approach to support industry over fears of growing prevalence of online attacks
“Relatively few” private organisations are seeking government guidance or support to address cyber security as a new survey of 1,523 companies has found that just under half of businesses have identified a breach or attack over the last year.
According to the government’s Cyber Security Breaches Survey 2017, conducted primarily by telephone survey between last October and January 2017, 46% of respondents identified at least one cyber security attack over the previous twelve month period. The figure was found to grow to two thirds (66%) for medium-sized firms and 68% for large companies that have in excess of 250 employees.
In its conclusions, the survey argues that a growing prevalence of threats such as ransomware has increased awareness and the importance of addressing cyber security for business. This awareness is in line with efforts by government to set out a Cyber Essentials scheme to help better prepare for attacks.
The findings note that while business was perceived as finding government information and guidance on cyber security useful, relatively few were seeking support from Whitehall on protecting their operations.
This was the case even with a lack of trust around advice from private sector sources, putting more emphasis on the National Cyber Security Centre (NCSC), which was established last year to try and make it easier to get information and support about online attacks.
“While most businesses have at least some basic technical controls, such as firewalls, patched software and anti-malware programmes, few are aware they can be certified for having the full range of controls in the government-endorsed Cyber Essentials scheme,” said the survey.
Compiled by Ipsos Mori for the Department for Culture, Media and Sport (DCMS), the findings did not include sole traders, or businesses in the agriculture, forestry and fishing sectors or public sector bodies as part of its scope. The survey is devised to highlight the potential challenges for industry and government in protecting the wider digital economy and systems.
“Nearly half of all UK businesses have identified a breach or attack in the last 12 months. While breaches do not always result in a material outcome, such as loss of data or network access, in cases where this does happen, it has a significant impact on the organisation,” said the findings.
The report argued that cyber security training in the public organisations surveyed was viewed as uncommon. This training was therefore more likely to be offered to IT staff within an organisation as opposed to the entire workforce.
“Despite this, the main types of breaches that organisations face tend to be phishing, viruses and ransomware attacks – attacks that can exploit human error, as well as technical flaws in cyber security,” said the study.
The findings have been released on the back of recent scrutiny of a broader government approach to protecting UK systems and infrastructure across the public and private sector.
In February, Parliament’s Public Accounts Committee (PAC) released a report looking at the government’s cyber security efforts that included calls for a clearer focus in defining the NCSC’s role in preventing attacks.
The committee called for a detailed plan to be published by the government by the end of the financial year detailing how the NCSC will assist and communicate with organisations.
According to the report, as of April 2016, 12 separate teams or bodies working from the centre of government were charged with tackling or preventing potential cyber threats, seen as one of the key security risks facing the nation.