The Cyber Security Breaches Survey for 2024 has been released, and it paints a worrying picture for charities: cybercrime in this area is on the rise.
In the past year, 22% of businesses and 14% of charities have encountered cybercrime. We’re looking at some big numbers across the board, estimating that in the last 12 months, UK charities have experienced approximately 924,000 cybercrimes. For UK businesses, that’s a whopping 7.78 million (approximate).
This year's survey contains many interesting findings. We summarise the key findings and discuss ways organisations across the UK have been impacted by and are responding to cybersecurity threats.
What is the Cyber Security Breaches Survey?
The Cyber Security Breaches Survey is a research study conducted annually. It reveals the ongoing threats of cybercrime and cyberattacks impacting businesses and charities of all shapes and sizes. The survey aims to help inform government policy and cyber best practices for businesses.
Understanding the landscape can help MSPs make the right decisions about the cybersecurity products they offer their customers, ultimately helping create a safe online space for UK enterprises.
What are the key findings?
Identified breaches and cyberattacks
With 50% of businesses and around a third of charities reportedly experiencing cybersecurity breaches or attacks in the past year, the survey suggests that this number increases to around 70% for medium and larger organisations and high-income charities. The most common type of attack was phishing, followed closely by impersonation and malware.
Cybersecurity hygiene
As many cyber threats are relatively unsophisticated, they can be protected against through basic cyber hygiene measures. These include malware protection, password policies, cloud back-ups, restricted admin rights, and network firewalls. Overall, adoption rates have increased, with many businesses implementing these measures. Around seven in every ten businesses and around half of charities have them in place.
Risk management
Larger businesses are more likely to have cybersecurity risk assessments and security monitoring tools than smaller organisations and charities, and an increasing number of companies are now insured against cybercrime. In addition, there's an increased awareness of supply chain risks, though small businesses still lack effective cybersecurity against broader supply chains.
Decision maker input
Since 2023, there has been a slight shift in board engagement or corporate governance regarding cybersecurity. It remains a high priority for senior management in most businesses and charities, particularly larger organisations. That said, board engagement varies, and larger organisations see structured approaches. Lack of knowledge, training, and time all play a factor. Three-quarters of businesses (75%) and more than six in 10 charities (63%) report that cybersecurity is a high priority for senior management.
Guidance and cybersecurity certification
The percentage of businesses seeking external cybersecurity guidance currently stands at 41%, compared to 49% in 2023. In addition to this, the awareness of government guidance including the Ten Steps to Cyber Security and Cyber Essentials is not widespread. For instance, only 12% of businesses and 11% of charities are aware of the Cyber Essentials scheme.
What is motivating securing outsourced accreditation? Qualitative findings from the survey shows that client demand, pressure from board members, the desire to create positive change in staff culture, and peace of mind are among the reasons.
Incident response
What does the survey show about how businesses and charities respond to cyberattacks? While many organisations claim to have incident response plans, this is only sometimes the case. Regarding reporting breaches to external parties, 34% of businesses and 37% of charities reported the most disruptive breach outside their organisation.
However, these results could be somewhat skewed, with reporting going to IT or cybersecurity partners rather than official reporting bodies. The survey also suggests that small organisations rely heavily on their IT provider to resolve and report issues, partly stemming from the need for more internal expertise. Large organisations need help with communication issues between IT support and internal teams.
Key stats from the 2024 Cyber Security Breaches Survey
The financial impact
- Many organisations and charities have experienced cybercrime, with the average annual cost for businesses being roughly £1,120 per victim.
- The average cost of a single disruptive breach was approximately £1,205, with the figure rising to approx. £10,830 for medium and large businesses, and £460 for charities.
The rise in cybersecurity assessments
- 31% of businesses and 26% of charities have undertaken cybersecurity risk assessments in the last year - rising to 63% of medium companies and 72% of large businesses.
- The proportion of businesses with some form of insurance has increased from 37% to 43% compared to the 2023 survey.
Cybersecurity threats
- Phishing attacks take the lead, with 84% of businesses and 83% of charities falling victim. Cybercriminals impersonating organisations in emails or online take second place (35% of companies and 37% of charities). Viruses or malware attacks hit 17% of businesses and 14% of charities.
- 3% of businesses and 1% of charities have been victims of fraud due to cybercrime. The proportion is higher among large companies (7%).
How can businesses protect themselves?
A blended cybersecurity strategy is a strong defence against cybercrime, and MSPs play a crucial role in providing comprehensive cybersecurity solutions for their customers.
Businesses need to be looking at broad protection that includes:
- Airtight password management
- Firewalls and antivirus
- Network protection
- Cyber Essentials certification
- Threat and vulnerability management
- Cybersecurity staff training
- Microsoft 365 security
- Browser protection
- Data loss and prevention and protection
Head to our website to see our list of high-quality, industry-leading vendors.
The takeaway
Cybersecurity is a top priority whether you work with SMEs or large organisations. No sector is safe from potential threats, and cybercrime is on the rise in the charity sector. These charities face vulnerabilities, and it's clear that hackers have put a target on their backs.
As phishing and malware attacks evolve, ensure you’re offering your customers the best defences to tackle these threats. 58% of medium businesses, 66% of large companies, and 47% of high-income charities have a formal cybersecurity strategy in place, which shows a positive trend as we move towards an increasingly cyber-aware landscape.
The ongoing threat of cyberattacks reinforces the importance of a blended, preventative, and robust cybersecurity strategy with measures in place to mitigate risks. Our comprehensive portfolio of vendors allows MSPs to build a strong cybersecurity offering. Please chat with our experts to find out more.
