The sixth annual Cyber Security Breaches Survey

The UK Government has released its annual survey on cyber security breaches, which reveals that whilst cyber security remains a priority, businesses and charities continue to face challenges in striking a balance between cyber security and business continuity in the face of the pandemic.

As we identified in March last year, a number of factors linked to the pandemic have significantly increased the cyber security risk faced by organisations. One year on, the UK Government's Department for Digital, Culture, Media & Sport has published its sixth annual Cyber Security Breaches Survey 2021 (the "Survey"), which provides a useful insight into how organisations have reacted to these challenges. The Survey was carried out in winter 2020/21, and therefore captures the experiences of businesses, charities and education institutions at what was (hopefully) the peak of COVID-19 induced lock-down and remote working.

Businesses and charities are "overwhelmingly" reporting that cyber security remains a high priority in their organisation since the first UK lockdown in March 2020. However, the pandemic has stretched resources and made it harder to keep on top of the hardware, software and systems upgrades required to ensure protection against cyber-threats; fewer respondents than last year reported that they had implemented up-to-date malware protection or deployed security monitoring tools.

One of the more interesting themes coming out of the Survey was the perceived tension between the increased need for continuity and flexibility in the face of the pandemic on the one hand, and cyber security on the other. Employees who work remotely are increasingly relying on new technology, software and platforms to stay productive, including some which are traditionally regarded as posing cyber-security risks (e.g. SharePoint). Some respondents said they were moving away from restricting access to these technologies and towards finding ways for staff to use them securely, whilst others suggested that staff members continuing to work from home would need to take more personal responsibility for cyber security. Both approaches will, of course, require caution and careful monitoring.

There was an emphasis in the Survey on continuous improvement and integration of new tech (as compared to the step change brought about by the GDPR in 2018) -- for example on rolling out multi-factor authentication, adjusting processes to cover Software as a Service (SaaS), improving monitoring and upgrading IT infrastructure. As businesses adapt to the hybrid style of working likely to prevail in the coming months, such an approach will continue to be instrumental to effective cyber risk management procedures, which will need to provide the flexibility to facilitate changing working practices whilst ensuring that they are equipped to respond to the latest threats.

For more information, see the full Survey and accompanying infographic.