Government Cyber Breaches Survey - Tom Henson Response

Tom Henson, Managing Director at Emerge Digital, a leading technology and digital innovation business and Managed Services Provider (MSP) based in the UK. 

“The Cyber Breaches Survey raises some interesting questions about the investment and understanding of cybersecurity from UK businesses. There has been a marked increase in the number of businesses undertaking basic cyber hygiene processes in the last 12 months, including using up-to-date malware protection, up from 76% to 83%, restricting admin rights, up from 67% to 73%, implementing network firewalls, up from 66% to 75%, and having agreed processes for phishing emails, up from 48% to 54%. However, on the flip side of these findings, it is deeply concerning that nearly two fifths of businesses don’t have up-to-date malware protection, which in today’s world should really be 100%. There simply isn’t an excuse for businesses not to have these types of protections, so although these figures highlight steps in the right direction, it isn’t enough. 

“It is also worrying to see such a small percentage of businesses with oversight of their supply chain. Just 11% review the risks posed by their immediate suppliers, and only 6% look at their wider supply chain. A vast number of breaches which occur are caused by supply chain attacks, and gaining visibility of supplier risk should be a top priority for all businesses. For large businesses, which are investing more in cybersecurity, there has been a dip in both immediate and wider supply chain risk analysis. This is likely because, following a spike in 2023, businesses felt comfortable that they’d taken action and could now relax slightly. However, when it comes to cybersecurity, this simply isn’t the case. Cybercriminals are working overtime to try and find new ways to breach businesses, and senior leaders must do the same. By not constantly evolving and improving your defenses, you give attackers the chance to catch up. 

“It’s also surprising that such a large number of businesses remain unaware of the government-backed Cyber Essentials scheme, with just 12% stating they were aware of it. This figure has decreased year-on-year from 16% in 2022. The scheme gives businesses a solid, base-level of protection, and as the government’s flagship cyber certification, it is staggering that so many are still unaware of it. There is no reason that all businesses shouldn’t know about the scheme, even at a base level. 

“The report found that just 41% of businesses had sought out external cybersecurity advice this year. This number should be much higher. Seeking advice is the first step in improving cybersecurity, and the fact that more than half of UK businesses are yet to take this step is concerning.” 

-- 

Ends

Editors notes

Managed Services Provider in Cheltenham