Cyber Security Breaches Report

April 24, 2024 | CyberSmart , Cybersecurity
Chloe Schofield

Written by
Chloe Schofield

The Cyber Security Breaches Survey for 2024 has been released, and it paints a worrying picture for charities: cybercrime in this area is on the rise.

In the past year, 22% of businesses and 14% of charities have encountered cybercrime. We’re looking at some big numbers across the board, estimating that in the last 12 months, UK charities have experienced approximately 924,000 cybercrimes. For UK businesses, that’s a whopping 7.78 million (approximate).

This year's survey contains many interesting findings. We summarise the key findings and discuss ways organisations across the UK have been impacted by and are responding to cybersecurity threats.

What is the Cyber Security Breaches Survey?

The Cyber Security Breaches Survey is a research study conducted annually. It reveals the ongoing threats of cybercrime and cyberattacks impacting businesses and charities of all shapes and sizes. The survey aims to help inform government policy and cyber best practices for businesses.

Understanding the landscape can help MSPs make the right decisions about the cybersecurity products they offer their customers, ultimately helping create a safe online space for UK enterprises.

What are the key findings?

Identified breaches and cyberattacks

With 50% of businesses and around a third of charities reportedly experiencing cybersecurity breaches or attacks in the past year, the survey suggests that this number increases to around 70% for medium and larger organisations and high-income charities. The most common type of attack was phishing, followed closely by impersonation and malware.

Cybersecurity hygiene

As many cyber threats are relatively unsophisticated, they can be protected against through basic cyber hygiene measures. These include malware protection, password policies, cloud back-ups, restricted admin rights, and network firewalls. Overall, adoption rates have increased, with many businesses implementing these measures. Around seven in every ten businesses and around half of charities have them in place.

Risk management

Larger businesses are more likely to have cybersecurity risk assessments and security monitoring tools than smaller organisations and charities, and an increasing number of companies are now insured against cybercrime. In addition, there's an increased awareness of supply chain risks, though small businesses still lack effective cybersecurity against broader supply chains.

Decision maker input

Since 2023, there has been a slight shift in board engagement or corporate governance regarding cybersecurity. It remains a high priority for senior management in most businesses and charities, particularly larger organisations. That said, board engagement varies, and larger organisations see structured approaches. Lack of knowledge, training, and time all play a factor. Three-quarters of businesses (75%) and more than six in 10 charities (63%) report that cybersecurity is a high priority for senior management.

Guidance and cybersecurity certification

The percentage of businesses seeking external cybersecurity guidance currently stands at 41%, compared to 49% in 2023. In addition to this, the awareness of government guidance including the Ten Steps to Cyber Security and Cyber Essentials is not widespread. For instance, only 12% of businesses and 11% of charities are aware of the Cyber Essentials scheme.

What is motivating securing outsourced accreditation? Qualitative findings from the survey shows that client demand, pressure from board members, the desire to create positive change in staff culture, and peace of mind are among the reasons.

Incident response

What does the survey show about how businesses and charities respond to cyberattacks? While many organisations claim to have incident response plans, this is only sometimes the case. Regarding reporting breaches to external parties, 34% of businesses and 37% of charities reported the most disruptive breach outside their organisation.

However, these results could be somewhat skewed, with reporting going to IT or cybersecurity partners rather than official reporting bodies. The survey also suggests that small organisations rely heavily on their IT provider to resolve and report issues, partly stemming from the need for more internal expertise. Large organisations need help with communication issues between IT support and internal teams.

Key stats from the 2024 Cyber Security Breaches Survey

The financial impact

The rise in cybersecurity assessments

Cybersecurity threats

How can businesses protect themselves?

A blended cybersecurity strategy is a strong defence against cybercrime, and MSPs play a crucial role in providing comprehensive cybersecurity solutions for their customers.

Businesses need to be looking at broad protection that includes:

  • Airtight password management
  • Firewalls and antivirus
  • Network protection
  • Cyber Essentials certification
  • Threat and vulnerability management
  • Cybersecurity staff training
  • Microsoft 365 security
  • Browser protection
  • Data loss and prevention and protection

Head to our website to see our list of high-quality, industry-leading vendors.

The takeaway

Cybersecurity is a top priority whether you work with SMEs or large organisations. No sector is safe from potential threats, and cybercrime is on the rise in the charity sector. These charities face vulnerabilities, and it's clear that hackers have put a target on their backs.

As phishing and malware attacks evolve, ensure you’re offering your customers the best defences to tackle these threats. 58% of medium businesses, 66% of large companies, and 47% of high-income charities have a formal cybersecurity strategy in place, which shows a positive trend as we move towards an increasingly cyber-aware landscape.

The ongoing threat of cyberattacks reinforces the importance of a blended, preventative, and robust cybersecurity strategy with measures in place to mitigate risks. Our comprehensive portfolio of vendors allows MSPs to build a strong cybersecurity offering. Please chat with our experts to find out more.

Recommended reading

Who’s ready for the Cyber Governance Code of Practice?

The Government is pushing businesses to beef up their cybersecurity defences. It’s part of the broader ...

The importance of Cyber Essentials

When it comes to cybersecurity, businesses must take a proactive approach to their online safety, ensuring ...

How spear phishing works (and how to spot it)

When it comes to the online safety of a business, there’s a series of steps companies can take to protect ...