20 Apr 2017

The Cyber Security Breaches Survey 2017 is published by the UK Government

The latest UK Government report details that nearly half (46%) of all UK businesses have identified at least one cyber security breach or an attack in the last 12 months. This only reinforces the fact that cyber crime is not going away, hackers are having success and many businesses do not have the necessary basics in place to best protect themselves.

Commissioned by the Department for Culture, Media and Sport (DCMS), the 2017 survey as part of the National Cyber Security Programme. It includes qualitative and quantitative findings in relation to UK businesses and their exposure to cyber security risks.

As you would expect, the number of businesses with a digital presence (the number of websites and social media pages) and the breadth of that presence has grown as well as the use of cloud services since the last report. It is also reported that 61% of businesses are now holding personal data on their customers electronically.  This combination without the right security in place is ideal for hackers.

Some key points from the report:

  • As in 2016, the majority of businesses (67%) have spent money on their cyber security, and this again tends to be higher among medium firms (87%) and large firms (91%).
  • Only half of all firms (52%) have enacted basic technical controls across the five areas laid out under the Government-endorsed Cyber Essentials scheme.
  • This means that 48% of businesses still do not have the basic protection in place or have not formalised their approaches to cyber security.
  • As far as getting the basic protection in place?
    • Only 37% of businesses have segregated wireless networks, or any rules around encryption of personal data.
    • Only 33% of businesses have a formal policy that covers cyber security risks or document these risks in business continuity plans, internal audits or risk registers (32%).
    • Only 29% of businesses have made specific board members responsible for cyber security.
    • Only 20% of businesses have had staff attend any form of cyber security training in the last 12 months.
    • Only 19% of businesses are worried about their suppliers’ cyber security.

The report also details the most common types of breaches:

72% of cases where firms identified a breach or attack are related to staff receiving fraudulent emails

33% of cases are related to viruses, spyware and malware

27% of cases are related to people impersonating the organisation in emails or online

17% of cases are related to ransomware.

This report highlights the need for not only the right technical measures in place, but also building awareness for all employees who are the gatekeepers to the business.

To read the complete 2017 Government report, click here.

If you are concerned about your business but not sure of where to start, a security assessment can be a great way to understand the vulnerabilities in your business to then implement a plan on eliminating weaknesses.

Want to discuss security further? Speak to one of our Security Team on 01727 843888 or email the team at