2023 Cyber Survey Published

02 May 2023

Since last week’s Scottish Engineering Herald article on Cyber Risks, the 2023 updated UK Cyber Survey has been released, prompting this article on practical steps to take to manage cyber risk for your business.

What action should my business take?

No Cyber Security plan is 100% secure, it is not possible, so resilience, dealing with attacks and recovery plans are crucial to limiting impact. All businesses are potential targets of cyber attacks, if you have network-connected devices then you should understand the threats and how to mitigate them. A high number of attacks are still basic though: of businesses that have reported a cyber crime in recent government statistics, 89% list phishing attacks and 12% viruses, spyware or malware as the source, and these are essentially old-school type attacks:

(% organisations experiencing cyber-crime and aware of guidance initiatives or communications)

So how do you prepare your defence against these threats? Governmental agencies have 3 high-profile schemes to facilitate improved cyber security but awareness of these is still low within many organisations. They are:

Cyber Aware offers simple advice to help small businesses and citizens stay safe online.
The Cyber Essentials Scheme, linking to the IASME Cyber Essentials Readiness Questions which can be completed online in 20 minutes and will give you an action plan to follow that will address major areas of threat.
10 Steps to Cyber Security guidance aims to help organisations manage their cyber security risks by breaking down the task of protecting the organisation into 10 components Working through these will help a company progress if they wish towards Cyber Essentials Accreditation

All contain guidance on preventing preparing and responding to attacks, and focus on the basic guidelines, policies and plans that most businesses should be able to implement. Of those companies who reported the types of cyber-crime listed above, low uptake of these programmes is a common theme for the majority of companies reporting these impacts, and it should be noted that the highest awareness is for Cyber Aware, a fairly lightweight audit tool with limited impact. The Head of Commercial Assurance Services at the National Cyber Security Centre NCSC, recently reported that they “still view Cyber Essentials as the minimum standard for cyber security in the UK”. Why not try the basic readiness questions as a gauge of your organisation’s security posture?