UK firms dropping the ball on data breach reactions

April 10, 2024

TLDR:

UK businesses are failing at data breach responses, with many organizations not implementing proactive measures or having formal incident response plans in place. The lack of awareness training for employees and the prevalence of phishing attacks are key concerns. However, some businesses have improved their defenses since 2023.

Article:

Security experts warn that UK firms must up their data breach response game due to the rising scale of threats faced on a daily basis. According to the government’s annual Cyber Security Breaches Survey, more than half of firms in the UK experienced a cyber attack or breach over the last 12 months. However, nearly four-in-ten of these firms took no action in response to the incident.

The survey also revealed that a majority of medium-sized businesses fell victim to breaches, along with large businesses and charities. Despite the high prevalence of cyber attacks, only a small percentage of businesses and charities have formal incident response plans in place. This lack of preparedness raises serious questions about the ability of UK companies to deal with the increasing threat landscape.

One common type of attack identified in the survey was phishing, affecting a large percentage of businesses and charities. Another concern highlighted was the lack of awareness training for employees, with only 18% of respondents stating they had provided such training. However, there are some positive trends, with businesses improving their defenses since 2023 by utilizing up-to-date malware protection and implementing other security measures.

While the cost of a breach was evaluated in the report, some experts question the accuracy of the figures provided. The report’s reliance on self-reporting may skew the results, leading to potential underestimation of the true costs of breaches. Overall, the findings of the survey underscore the urgent need for UK businesses to enhance their data breach response strategies and invest in cybersecurity measures.

