Breaking Down the Cyber Security Breaches Survey 2024

Shimon Sorga 23-Apr-2024 12:30:00

Springtime is in full swing, and along with the welcomed change in weather came the release of The Cyber Security Breaches Survey 2024. It’s jam-packed with helpful information that should be useful for any business, charity or educational institute of any size.

My name is Shimon Sorga, Technical Manager and resident cybersecurity expert in the Netitude building. I’m here to share the key findings and takeaways from this year’s security survey.

What is The Cyber Security Breaches Survey 2024?

If you aren’t aware of The Cyber Security Breaches Survey 2024, it’s an annual survey capturing the latest developments and statistics in the cybersecurity industry. The UK government conducts each edition, and this year’s findings are based on the extensive research carried out between September 2023 and January 2024.

The report aims to serve as a tangible piece of content covering how organisations approach cybersecurity during the designated period. It also provides insights into the challenges businesses, charities, and other organisations face in safeguarding their digital assets in today’s tumultuous landscape.

Key Findings

Prevalence of Cyber Threats Remains High

Perhaps the most staggering statistic out of the entire survey is that 50% of businesses and approximately 32% of charities reported experiencing some form of cybersecurity breach or attack in the last months. Yes, you heard that right. Half of the businesses and nearly a third of the charities who took part in the survey reported that they’d encountered a cyber-related incident or a cyber-related attempt to exploit their business. This highlights the considerable risk that all organisations face in experiencing some form of cybersecurity breach or attack.

Cost Implications Are Crippling

The cost implications of cyber-attacks can be crippling. This year’s edition of The Cyber Security Breaches Survey reveals that the average cost per victim ranges from £460 for charities to £10,830 for medium and large businesses. That hits home the huge financial ramifications cyber-attacks can impose on all kinds of organisations, and emphasises that cybersecurity must be taken seriously.

Implementing Cyber Hygiene Measures

The UK government has used this report to recommend that organisations adopt a set of “cyber hygiene” measures to protect themselves. 

Cyber Hygiene: For those unfamiliar with the term, cyber hygiene refers to the practices and steps taken by users to ensure their own safety, that of others, and that of the organisations they work for in a personal or professional capacity.

  • Cyber Hygiene Analogy: You can think of it in the same vein as washing your hands after using the bathroom to ward off any nasty germs. Instead of washing your hands with soap and hot water, cyber hygiene involves having strong, secure passwords, regularly updating your software and applications, and advocating safe online behaviour (avoiding clicking on suspicious links or files).

The Cyber Security Breaches Survey 2024 indicates a marked increase in the deployment of cyber hygiene measures among businesses, with “a majority of businesses and charities having a broad range of these measures in place.” The most common measures are updated malware protection, password policies, cloud backups, and restricted admin rights for employees.

It’s great to see that businesses are rising to the occasion by combating the prevalence of cyber-attacks with measures such as cyber hygiene; around 70% of businesses and 50% of charities have decided to implement cyber hygiene practices.

Board Engagement and Governance

Although this finding may not necessarily be relevant to smaller to mid-sized businesses, it still highlights how approaches to cybersecurity have become more sophisticated in larger organisations. Seventy per cent of businesses and sixty-three per cent of charities report that cybersecurity is a high priority in the boardroom.

The very fact that the conversations around cybersecurity have moved from the IT department to the organisational hierarchy is a testament to the massive shift we have witnessed as cyber criminals start to burn increasingly bigger holes in the pockets of large corporations. However, when you begin to look into the losses and potential damages at stake, it’s a no-brainer why investing in cybersecurity defence and strategy should be paramount for all businesses, regardless of size and budget.

Taking Incident Response Seriously

Another staggering finding from this report is that while most larger organisations claim to have incident response plans, the reality is quite different. Not having a robust cyber incident response plan could have detrimental consequences (prolonged periods of downtime or a reduction in productivity) for any organisation.

If you need help developing a robust cybersecurity response for your organisation, simply contact one of our team members. They’ll be more than happy to guide you toward a more comprehensive approach to cybersecurity.

Prioritise Your Organisation's Protection Against Phishing

Unfortunately, we now live in a world where nothing can be taken at face value; behind each seemingly sweet intention is a potentially malicious or harmful motive. The Cyber Security Breaches Survey 2024 estimates that UK businesses have experienced approximately 7.78 million cybercrimes, with the majority (98.51%) being phishing attacks.

Phishing Definition: Phishing is a cybercrime in which someone pretends to be a legitimate institution (like a bank or company) and tricks individuals into revealing sensitive business information. They may do this by targeting users via email, text messages, or phone calls. Their primary goal is to obtain personal data (bank account details/passwords, etc.) that they can leverage to their advantage.

Seven Common Signs of Phishing

Protecting yourself against phishing is all about prevention. Firstly, always be on the lookout for the signs of phishing, such as:

  1. An Unfamiliar Tone or Greeting: Pay attention to the language used by users you’d assume to be colleagues or family members. If they sound overly friendly or too formal, that could be a red flag.
  2. Suspicious Sender Email Address or Domain: Always be on the lookout for unusual or unofficial domains that may contain spelling errors. You can take extra precautions by verifying that the sender’s name matches the email address in question.
  3. Unusual Requests for Personal or Financial Information: It’s never a good sign if you start receiving emails requesting personal information such as credit card credentials or login details. Legitimate organisations have wised up to the threat of phishing and subsequently resort to other means to deal with personal information.
  4. Urgent or Threatening Language: Cybercriminals will leverage phishing to create a sense of urgency or fear that prompts quick action from the victim. If you’re receiving threatening messages regarding potential legal consequences or account closure, the safe bet would be to ignore them completely.
  5. Poor Grammar or Spelling Errors: A telltale sign of a phishing email is a message containing grammatical mistakes or misspellings. Review any suspicious emails carefully for these errors.
  6. Avoid Suspicious Attachments or Links: Avoid opening attachments or clicking on links from unknown sources at all costs. If something looks or sounds dodgy, it usually is.
  7. Generic Greetings or Lack of Greetings: According to the 2024 Cyber Report, 7.78 million cybercrimes are committed annually, which works out to 21,315 crimes per day. Cybercriminals don’t have time to personalise their emails, so if they contain generic terms such as “valued customer” or “dear friend,” it’s probably too good to be true.
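
A mail filter or triage script can check several of these signs automatically. The sketch below is an added example, not code from the original post or the survey; it covers signs 2, 3, 4 and 7 only, and the trusted-brand mapping, keyword lists and sample message are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: brands your organisation expects mail from, mapped to their real domain.
TRUSTED = {"example bank": "example-bank.com"}
URGENT = re.compile(r"\b(urgent|immediately|suspended|legal action|account closure)\b", re.I)
GENERIC = re.compile(r"^\s*dear (valued customer|customer|friend|user)\b", re.I | re.M)
INFO_REQUEST = re.compile(r"\b(password|login details|card number|bank details)\b", re.I)

# Constructed sample message, not real mail.
SAMPLE = '''From: "Example Bank Support" <support@examp1e-bank.com>
Subject: Urgent: action required on your account

Dear valued customer,

Your account will be suspended. Verify your login details immediately.
'''

def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss spellings of a trusted domain."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def phishing_signs(raw):
    """Return the list of warning signs found in a raw RFC 5322 message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    text = f"{msg.get('Subject', '')}\n{msg.get_payload()}"
    signs = []
    for brand, real in TRUSTED.items():
        genuine = domain == real or domain.endswith("." + real)
        if not genuine and 0 < edit_distance(domain, real) <= 2:
            signs.append("lookalike-domain")       # sign 2: misspelt domain
        if not genuine and brand in name.lower():
            signs.append("display-name-mismatch")  # sign 2: name vs address
    if INFO_REQUEST.search(text):
        signs.append("info-request")               # sign 3
    if URGENT.search(text):
        signs.append("urgent-language")            # sign 4
    if GENERIC.search(text):
        signs.append("generic-greeting")           # sign 7
    return signs

if __name__ == "__main__":
    print(phishing_signs(SAMPLE))
```

Keyword heuristics like these produce false positives and miss well-written lures, so treat a hit as a prompt to verify the sender rather than as a verdict.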

How to Respond to a Phishing Attempt

If you encounter any of the telltale phishing signs we’ve listed above, we recommend the following step-by-step action plan to keep you in check.

  • Don’t Panic: This is arguably the most important step. Don’t give in to your impulses; stay calm and avoid clicking any links or downloading any attachments you may have come across.
  • Verify the Source: If the scammers have chosen to pose as someone or a company you work with, contact that person or organisation via an alternate email address, text, or phone call to verify its legitimacy.
  • Do Not Reply: Avoid any kind of response. Replying to the email could mark you down as a potential target in future phishing attempts.
  • Report the Email: It’s always a good idea to flag any suspicious emails that end up in your inbox. We recommend that users report the email to relevant parties within their organisation (people in security-related roles or departments) upon discovering it.
  • Stay Informed: Last, but by no means least, take the time to familiarise yourself with the telltale signs of phishing to recognise future attempts. Learn more in our ‘How to Spot a Phishing Email’ blog.

Closing Statements

We hope that you’ve found this blog post informative and engaging. It’s always a good idea to read up on the ever-evolving nature of cybersecurity to ensure that you take the necessary steps and precautions to protect your business from cybercriminals in today’s society.

As indicated in this year’s report, there’s never been a better time to invest in robust cybersecurity measures for your business. Failing to do so could have cataclysmic consequences.

Luckily, our cybersecurity experts at Netitude offer an extensive range of the latest and greatest cyber defences. Want to find out more? Book a meeting with our Managing Director, Adam Harling, and together, we’ll discuss how you can start taking the right steps to protect your business against today's cyber criminals.