20 Key Statistics For 20 years of Cyber Security Awareness Month

As of June 2023 it has been 20 years since experts at GCHQ were involved in the response and mitigation of a cyber attack against a UK government department for the first time. Since this date, cyber security and our awareness of cyber attacks has developed significantly. The past two decades have demonstrated just how fast technology can change our lives, however bringing with it is the negative side of our ever connected lives. Cyber attacks have risen astronomically, posing a big threat across public and private sectors.

As October 2023 is the 20th anniversary of Cyber Security Awareness month, this year we have put together some, 20 in fact, thought-provoking statistics detailing the importance of cyber security awareness within UK businesses. This article is sourced from government documents, including the recent Cyber Security Breaches Survey (2023).
 
(To review the source of information and to understand the sample size, please refer to the document on the Government website).
 

Statistics:

1. 50% of UK businesses have a basic skills gap including technical skills, incident response and governance skills needed to manage their cyber security.

 

2. 84% of businesses added the cyber security responsibilities into an existing non-cyber related job role (such as IT personnel) to try and fill the gap.

 

3. In a third of large businesses, it is either the IT director (12%) or an IT manager, technician or administrator (20%), looking after cyber security.

 

4. 49% of businesses and 44% of charities report seeking information or guidance on cyber security from outside their organisation in the past year.

 

5. Around seven in ten businesses (71%) and six in 10 charities (62%) report that cyber security is a high priority for their senior management. Interestingly, this has shown a decrease from the year prior.

 

6. It is more common for larger businesses to say that cyber security is a high priority.

 

7. The finance and insurance, professional, scientific and technical, and the information and communications industries were found to place cyber security as a higher priority than most.

 

8. 83% of small businesses say cyber security is a high priority (vs. 87% in 2022) and 91% of medium businesses say this (vs. 92% in 2022). Indicating a small decrease.

 

9. Three in ten businesses (30%) and a similar proportion of charities (31%) have board members or trustees taking explicit responsibility for cyber security as part of their job.

 

10. Only 30% of businesses and 19% of charities have used specific tools designed for security monitoring.

 

11. However, 53% of medium businesses and 72% of large businesses had used security monitoring tools, meaning the percentage for smaller businesses is significantly lower.

 

12. As a result, 51% of medium sized and 63% of large businesses respectively had undertaken cyber security-related risk assessments.

 

13. Just 13% of businesses and 11% of charities say they review the risks posed by their immediate suppliers, with even fewer looking at their wider supply chain (8% business and 6% charities).

 

14. One quarter of medium businesses (27%) and more than half of large businesses (55%) review the cyber security risks posed by their immediate suppliers. However, it is still relatively rare for these businesses to review their wider supply chain.

 

15. Only 49% of medium businesses and 36% of high-income charities have a formal cyber security strategy in place. 68% of large businesses have a plan in place which is still low for the size of their operations and attack surface.

 

16. Just under four in ten businesses (37%) and a third of charities (33%) report being insured against cyber security risks in some way.

 

17. One-fifth of respondents from businesses (20%) and charities (18%) did not know if their employer had any form of cyber security insurance, despite the survey being answered by the person responsible for cyber security.

 

18. For medium businesses, there’s been a drop in the proportion saying they have security controls on their devices (from 91% in 2022 to 79%). Plus, a drop in agreed processes for phishing emails (from 86% to 78%).

 

19. Results from the survey show that in the 12 months prior to the survey, just under two-fifths of businesses (18%) and charities (17%) overall have provided some form of staff awareness training.

 

20. The number of businesses with patch management policies, for applying security updates within 14 days of release, has decreased from 2022 which was at 39% to 31% in 2023.

Cyber Security Trends:

The figures above demonstrate how important it is to carry on celebrating the awareness month each year, particularly due to the threat landscape constantly evolving and advancements in technology / security controls helping organisations to stay protected against attack.

Another trend is how businesses continue to have a cyber security skills gap. However, they are seeking further support / information about cyber security from teams of experts as they’re seeing security as a priority for businesses, which is a step in the right direction.

At Data Connect, we will continue to share current cyber security trends and information to help businesses stay informed and improve their cyber resilience. This information links directly to the services we provide, including managed firewalls, vulnerability management, awareness training, Cyber Essentials certification and managed detection and response (MDR).

For more information about our end-to-end cyber security services and our vSOC Connect Console, please get in touch with our dedicated team. We would also be interested in hearing about the cyber security questions or areas you’d like covering in the future.
 
Happy 20th anniversary to the Cyber Security Awareness Month!