Not-so-cyber secure
Covid-19 has thrown up challenges for organisations when it comes to breaches and attacks
THE coronavirus pandemic may have left businesses at greater risk from cyber security breaches, the Department for Digital, Culture, Media and Sport has warned. An annual survey from DCMS has revealed four in ten businesses (39%) and a quarter of charities (26%) reported having cyber security breaches or attacks in the last 12 months.
Fewer businesses are identifying breaches or attacks than the year before (when the proportion stood at 46%), while the charity results are unchanged.
This could be the result of a reduction in trading activity from businesses during the pandemic, which may have inadvertently made some businesses temporarily less detectable to attackers this year.
However, other evidence from the study suggests that the risk level is potentially higher than ever under Covid-19, and that businesses are finding it harder to administer cyber security measures during the pandemic.
For example, fewer businesses are now deploying security monitoring tools (35%, compared to 40% a year before) or undertaking any form of user monitoring (32% compared to 38%).
Because of this, the DCMS say the reduction among businesses possibly suggests that they are simply less aware than before of the breaches and attacks their staff are facing.
The report has also revealed that significant changes in ways of working caused by the pandemic have made cyber security harder for many organisations.
For example, direct security and user monitoring have become harder in organisations where staff are working remotely.
Upgrading hardware, software and systems has also become more difficult. With staff working at home, there are more endpoints for organisations to keep track of.
Meanwhile, more generally the pandemic had stretched resources and led to competing priorities in IT and cyber security teams.
In some cases, there was a perceived conflict between prioritising IT service continuity and maintenance work, and aspects of cyber security such as patching software.
Cyber security breaches pose a serious threat to businesses and charities.
Among those that have identified breaches or attacks in the last year, around a quarter experience them at least once a week.
The most common by far are phishing attacks, followed by impersonation.
Of the businesses and charities that identified breaches or attacks, one in five (21% and 18% respectively) end up losing money, data or other assets.
The average cost in the past 12 months is estimated to be £8,460 rising to £13,400 for medium and large firms.
Meanwhile, even where there is not a material loss, one-third of businesses (35%) and four in ten charities (40%) report being negatively impacted regardless, for example because they require new post-breach measures, have staff time diverted or suffer wider business disruption.