• 0800 0862018
  • This email address is being protected from spambots. You need JavaScript enabled to view it.
  • Mon - Fri 8:00 - 17:00

InfoSec / Cyber

Cyber security breaches 2024 in gold letters businesses and charities in blue in an orange and blue circle with Harry the Hacker in an orange hoodie in the background phishing for a laptop

Cyber Security Breaches Survey 2024 (Businesses and Charities)

A summary of the government Cyber Security Breaches 2024.  It is an official set of statistics produced by the Department for Science, Innovation and Technology in partnership with the Home Office. The findings of this survey provide a comprehensive description of cyber security for a representative sample of UK organisations, which provides a snapshot of UK cyber resilience at this point in time.

The study has included more information about cyber crime and fraud that occurred as a result of cyber crime.  The key points are highlighted below:

Increase  in cyber attacks - likely because the difficult economic conditions were driving opportunists to take advantage.  An increase in phishing attacks, this has resulted in some organisations investing more in cyber security.

Phishing attacks have become more sophisticated because of an advancement in technology.

Organisations are not going to official sources for advice and more likely to rely on IT consultants as just 1% of businesses and 2% of charities mention the NCSC by name.

Cyber security was not commonly raised as a consideration when choosing a digital services provider (cloud provider) with the focus being on track record and cost.  The was often an assumption that the DSP would be responsible for the risks and management of cyber security i.e. placing a great deal of trust in the DSP.

There was a significant increase among medium businesses to having a formal cyber security strategy in place, with four in ten businesses and a third of charities reporting being insured against cyber security risks in some way.

The report gives statistics about general cyber resilient controls that businesses and organisations have in place:

Figure 3.6 Percentage of organisations that have the following rules or controls in place

Rules or controls in place Businesses Charities
Up-to-date malware protection 83% 65%
A password policy that ensures that users set strong passwords 72% 54%
Backing up data securely via a cloud service 71% 54%
Restricting IT admin and access rights to specific users 73% 65%
Firewalls that cover the entire IT network, as well as individual devices 75% 48%
Security controls on organisation-owned devices (e.g. laptops) 58% 44%
Only allowing access via organisation-owned devices 61% 34%
An agreed process for staff to follow with fraudulent emails or websites 54% 35%
Rules for storing and moving personal data securely 48% 47%
Backing up data securely via other means 55% 41%
Any Two-Factor Authentication (2FA) for networks/applications 39% 33%
Separate Wi-Fi networks for staff and visitors 35% 25%
Monitoring of user activity 30% 29%
A virtual private network, or VPN, for staff connecting remotely 32% 18%
A policy to apply software security updates within 14 days 34% 20%

Bases: 2,000 UK Businesses, 1,004 charities

Half of businesses (50%) and around a third of charities (32%) report having experienced any kind of cyber security breach or attack in the last 12 months.  The types of breaches:

With phishing attacks being by far the most disruptive.

Adding staff time to deal with the attacks was the highest impact on an organisation when dealing with a breach followed by implementing new measures for future attacks.   Actions taken to prevent future breach attacks since the most disruptive breaches:

Additional staff training
Changed or updated firewall or systems configurations
Installed, changed or updated antivirus or anti-malware software
Increased monitoring 
No action taken

While a lot of the results suggest that the prevalence of some activities have increased or at least stabilised in 2024, the trends are mostly negative when looking at organisational awareness and the use of information. There has been a fall in the proportion of businesses seeking information or guidance on cyber security from outside their organisation in the past year.

The full report is available to read: Cyber Security Breaches Survey 2024