Littlefish Cyber Security User Education Awareness Header
Katy Hinchcliffe

About the author

Katy Hinchcliffe: Head of Cyber Security at Littlefish



Share via:

Latest Government Cyber Security Survey indicates Growing Awareness but Action Needed

08/04/2019


The latest Cyber Security survey from the Government’s Department for Digital, Culture, Media & Sport, released April 3rd, reports a greater understanding among organisations that cyber attacks cannot be prevented by common sense alone. But while the findings suggest that embedding knowledge and understanding of cyber security within management boards is a strong driver of behavioural change, over 40% of larger businesses still don’t have a board member with a cyber security brief. Yet.

The Cyber Security Breaches Survey is a quantitative and qualitative survey of UK businesses and charities, published annually since 2016. This version of the quantitative survey was undertaken in winter 2018, and the qualitative element in early 2019.

The survey – the first since GDPR was introduced – suggests that the enforcement of the data protection legislation from May 2018 encouraged and compelled many organisations to either engage formally with the topic, or in some cases, to strengthen their existing policies and processes. This has helped to raise greater awareness of cyber security issues.

A Big ‘But…’

The report suggests that the advent of GDPR is a mixed blessing, as the findings show that, while GDPR has played an important role in raising awareness, it may have unintentionally made organisations think of cyber security almost exclusively in terms of data protection. Meanwhile, advances in the number of staff attending training on cyber security may well be more due to the uptake of GDPR training, in which the actual cyber security content may only play a relatively small part.

Fewer Incidents, Harder Impact

Very few organisations (16% of businesses and 11% of charities) have formal cyber security incident management procedures in place. This continues to be the area in the Government’s ‘10 Steps to Cyber Security’ guidance where organisations are least likely to have taken action.

Overall, the data suggests that fewer businesses are identifying breaches or attacks, but the attacks that penetrate organisations’ defences and cause the most disruption, are also having more severe financial impacts than ever before.

Few Businesses with Written Cyber Policies

The report noted there was room for a more holistic approach to cyber security. While there has been progress since 2018 across organisations, only a minority of micro and small businesses have:

  • written cyber security policies or a formal incident management process;
  • arranged any form of cyber security training;
  • engage senior staff with a specific responsibility for cyber security as part of their job role.

Yet their users remain the most at threat (and the most susceptible) to phishing attacks, identified by 80% of these micro-SMEs and 81% of all charities as the most common threat.

 Only 27% Training Staff

There is still a large difference between the relatively low proportions sending staff on training (27% of businesses and 29% of charities) and the much higher proportions that feel they have no such skills-gap. This reflects other recent DCMS research on cyber security skills, which showed that many organisations lack an understanding of the technical requirements of a cyber security role.

Focus In-House to the detriment of Supply-Chains

Less than one in five businesses (18%) and one in seven charities (14%) require their suppliers to adhere to any cyber security standards. In the qualitative interviews, some had simply not considered suppliers as a potential source of cyber risk before, while others simply did not consider their suppliers’ cyber security to be their responsibility

Across all organisation sizes, only a minority of organisations demand even minimum cyber security standards from suppliers. Organisations reported this was an area where they would benefit from more guidance or checklists.

Finally, while more organisations have started to consider cyber security as a high priority over the years since the survey began three years ago, there has not been an equivalent increase in the number seeking out information and guidance, with many businesses suggesting they are reactive and ‘wait to be told’ or ‘expect to be informed’ by Government. In this dynamic and ever-evolving threat environment where incidents are affecting organisations of all types and sizes, assuming it won’t happen or waiting for disaster to strike before developing and validating your cyber security strategy is simply no longer an option.

If you can’t justify a full-time board-level cyber security professional but need strategic guidance and support, you do still have options: read our whitepaper to explore how to gain access to a Chief Information Security Officer without the fixed resource and recruitment challenges.

Read the full government report here – https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2019

Learn more about Littlefish’s Cyber Security Services here.

About Katy Hinchcliffe

Littlefish Head of Cyber Security Katy Hinchcliffe, is a highly regarded cyber security leader. With over a decade’s experience delivering a broad range of cyber security services to enterprise clients for global IT outsourcer Capgemini, notably managing the prevent, detect and respond functions on behalf of Rolls-Royce, Katy is now responsible for developing Littlefish’s Cyber Security practice.

Your People: Security Weakness or Effective Threat Warning System? Turn your biggest security risk into your biggest asset to help defend against potential cyber attacks. Download the 'Your People: Security Weakness or Effective Threat Warning System?' Whitepaper to to learn more. Download now



Read More
Littlefish CEO Steve Robinson

LDC backs Littlefish

02/04/2019

Managed IT Services Provider Littlefish has secured a minority investment from leading mid-market private equity investor LDC. The investment will ...


Read More

How can organisations use progressive phishing training to keep endpoints safe?

22/03/2019

Users are central to most phishing attacks, someone who, usually inadvertently, gives an attacker a foothold to exploit: users therefore ...


Read More

People Mean Progress for Littlefish

24/01/2019

Staying true to their #PeopleMatter ethos, Nottingham-based IT Managed Services Provider Littlefish, demonstrate their commitment to professional development, with the ...


Read More
Katy Hinchcliffe, Littlefish Head of Cyber Security

Meet Katy Hinchcliffe – Littlefish Head of Cyber Security

10/01/2019

Littlefish recently hired Katy Hinchcliffe as its new Head of Cyber Security, to spearhead the expansion of its Cyber Security ...


Read More
Katy Hinchcliffe, Littlefish Head of Cyber Security

Littlefish appoints Head of Cyber Security to lead Cyber practice expansion

08/01/2019

Littlefish has appointed Katy Hinchcliffe as its new Head of Cyber Security. Hinchcliffe, who joins Littlefish from Capgemini, where she led ...


Read More
Cafcass and Littlefish announce new contract

Cafcass appoints Littlefish to provide service integration and operational support service

13/12/2018

Cultural fit, service quality and flexible approach key to deal Littlefish supports Cafcass’ disaggregation and SIAM journey Complex transition successfully completed ...


Get in touch

To learn more about how our Managed IT Service solutions can be tailored to meet the needs of your business, contact us over the phone, email or via our Live Chat service.

 

Call Email Live Chat

Latest Government Cyber Security Survey indicates Growing Awareness but Action Needed

The latest Cyber Security survey from the Government’s Department for Digital, Culture, Media & Sport, released April 3rd, reports a ...

Katy Hinchcliffe
Katy Hinchcliffe
08/04/2019
Read More
Littlefish Cyber Security User Education Awareness Header
Featured Article
Read More
Littlefish CEO Steve Robinson

LDC backs Littlefish

Managed IT Services Provider Littlefish has secured a minority investment from leading mid-market private equity investor LDC. The investment will ...

Simon Jenkinson
Simon Jenkinson
02/04/2019
Latest News
Read More

How can organisations use progressive phishing training to keep endpoints safe?

Users are central to most phishing attacks, someone who, usually inadvertently, gives an attacker a foothold to exploit: users therefore ...

Katy Hinchcliffe
Katy Hinchcliffe
22/03/2019
Latest News
Read More

People Mean Progress for Littlefish

Staying true to their #PeopleMatter ethos, Nottingham-based IT Managed Services Provider Littlefish, demonstrate their commitment to professional development, with the ...

Simon Jenkinson
Simon Jenkinson
24/01/2019
Latest News

Our Partners

aq_block_4
aq_block_5
aq_block_6
aq_block_7
aq_block_8
aq_block_10
aq_block_11
aq_block_12
aq_block_13
aq_block_14