Intelligent CISO Issue 74 | Page 29

EDITOR’S question

It’s promising to see a rise in the number of UK businesses now undertaking basic cyber-hygiene practices from malware protection and restricting admin rights, to implementing network firewalls and standard processes for dealing with phishing emails.

These measures are especially important when you consider the number of attacks companies are reporting, up by 18% compared to last year. With unsophisticated techniques such as phishing remaining the most common form of attack, this basic cyber-hygiene can be the difference between businesses being breached or not. It’s good news that the adoption of these practices and products has increased for the first time in the last three years.

This spike in cyber-hygiene coupled with the rise in businesses buying cyberinsurance, up from 37% to 43%, indicates an increase in cyberawareness and investment. However, there are several concerning findings which suggest that this may not be the case on the ground.
Only 11% of businesses are reviewing the risks posed by their immediate suppliers, despite supply chain attacks accounting for a huge proportion of breaches across all sectors. Three quarters of businesses stated that cybersecurity is a high priority for their senior management and although this is a large proportion, this also means that 25% of board-level leaders in the UK aren’t placing enough importance on security, reinforced by the fact that just three in 10 businesses have senior management explicitly responsible for cybersecurity. This figure has stagnated since 2023.
There has been an increase in the number of businesses which have a formal cyberstrategy in place, to 58% for medium and 66% for large businesses. Again though, this means that almost half of medium-sized businesses and a third of large businesses are still operating without a plan for their cybersecurity, and with attacks becoming increasingly prevalent and indiscriminate, every business with a digital footprint should have at least a basic cybersecurity strategy.

Within the channel, it seems that the government-backed Cyber Essentials is being ignored by a vast number of IT and Managed Service Providers. The report found that despite 41% of businesses seeking advice from the channel, only 12% are aware of Cyber Essentials, which is a decline since 2021.
The increase in basic cyber-hygiene is a step in the right direction, however, there remain underlying figures within the Cyber Breaches Survey which suggest mindsets and action from businesses are still lagging behind today’s threats. In 2024 it is critical that organisations are aware of their risk and have a proportionate response to that risk, through formalised plans, increased knowledge and board-level buy-in.

TOM KIDWELL, A FORMER BRITISH ARMY AND UK GOVERNMENT INTELLIGENCE SPECIALIST, AND CO-FOUNDER OF ECLIPTIC DYNAMICS, AN INTERNET INFRASTRUCTURE SECURITY SPECIALIST