Businesses and charities are showing progress in defending against breaches and ensuring General Data Protection Regulation Compliance (GDPR), according to a new report published by the Department for Digital, Culture, Media and Sport.
The Cyber Security Breaches Survey 2019 found that less than a third (32%) of business and less than a quarter (22%) of charities reported a cybersecurity breach or attack in the last 12 months. The reported number of businesses identifying breaches or attacks is lower than it was in both 2018 (43%) and 2017 (46%). Similarly, the number of breaches or attacks for charities also declined.
“While fewer businesses have identified breaches or attacks than before, the ones that have identified them are typically experiencing more of them. These are consistent trends since the 2017 survey...Among the 32% of businesses that did identify any breaches or attacks, the typical (median) number they recall facing has gone up, from 2 attacks in 2017 to 6 in 2019,” the report said.
The statistics suggest that GDPR may be influencing cybersecurity awareness, which is driving change for enterprise security; however, the study also recognized that more can be done to protect against new and emerging cyber-threats. While companies are receptive to guidance on how to improve aspects of cybersecurity, the study found that companies need to be more proactive.
“Six in ten businesses (59%) and just under five in ten charities (47%, up from 36% in 2018) have sought external information or guidance on cyber security in the last 12 months," the report said. "However, only seven per cent of businesses and nine per cent of charities have sought information or guidance from the Government or public-sector bodies (such as the National Cyber Security Centre).”
Despite the majority of these businesses (75%) admitting that the information they receive is useful, the statistics gave evidence that companies and charities fail to seek information out for themselves.
“While cybersecurity is climbing up the ladder to becoming a top business priority, this survey is a clear sign that there is more to be done to really move the needle on protecting businesses and charities from potential disruptive breaches,” said Hiwot Mendahun, cybersecurity analyst at Mimecast.