2022 Security Breach Report Published

The Cyber Security Breaches Survey for 2022 has recently been published by The Department for Digital, Culture, Media and Sport- the full version of which you can find by clicking here.

The running theme of most of our articles continues here, with 39% of organisations having reported a cyber attack over the last year, which is the same percentage as last year. Additionally, as we have also found with our other conversations regarding cyber attacks, phishing is the most common type of cyber attack, with 83% of cyber attacks being phishing. The report also provided a figure of the average cost of a phishing attack to organisations- with that figure in the 2022 report standing at 42%, with larger organisations paying bigger sums of money.

Interestingly, less than 50% of organisations who experienced one had an insurance policy that covered cyber attacks, and perhaps more worryingly, only 19% of those that were surveyed had a proper incident report plan in place. This would suggest that most organisations still view cyber security as a cost, and not an investment. Has the average cost to organisations not reached a point yet where most feel like they need robust plans in place to mitigate the costs of potential attacks. Perhaps there is more work to be done to fully put across the risks posed by cyber attacks to every organisation.

The NCSC has various resources for organisations of all sizes, which I’ll list below.

For larger organisations, please take a look at the below resources:

https://www.ncsc.gov.uk/section/board-toolkit/about

https://www.ncsc.gov.uk/collection/10-steps

Whilst smaller businesses and charities will find these resources useful:

https://www.ncsc.gov.uk/blog-post/ncsc-cyber-security-training-for-staff-now-available

https://www.ncsc.gov.uk/information/exercise-in-a-box

Reported Ransomware Attacks in the UK Double

Since 2020, the number of Ransomware attacks reported to the ICO have doubled from 326 in 2020 to 654 in 2021. The sectors that have been affected the most are education, insurance and finance. If you’re looking for guidance on how to respond to ransomware attacks, then please click the link here.

The NCSC also suggests that organisations explore the option of cyber insurance, which would aid in the recovery, should you experience a cyber attack. If this sounds like something that would interest you or your organisation, then take a look at considerations to take when choosing cyber insurance.

Mental Health Charity Suffers Cyber Attack

A mental health charity based in Scotland has recently announced that they have been victim to a cyber attack. The Scottish Association for Mental Health works with over 60 communities within Scotland, and the attack has been described as ‘sophisticated and criminal’. The attack left them unable to receive and respond to emails, and phone lines were affected, albeit it to a lesser extent.

Whilst this may seem like an anomaly, for a charity to be the target of a cyber attack, there have been previous examples of this happening unfortunately. In 2020, the Scottish Environment Protection Agency experienced an attack which resulted in personal data and files being stolen. Attacks on the charity sector have been such an issue, that the NCSC worked with ‘Charity Digital’ in 2021 to conduct an investigation. As part of the findings of the investigation, NCSC found that there were simple steps that charities could take to mitigate some of the risks from cyber attacks. The best piece of advice/guidance on how charities can protect themselves from the most common cyber threats can be read in the NCSC’s Small Charity Guide.