ICAS ICAS logo

Quicklinks

  1. About Us

    Find out about who we are and what we do here at ICAS.

  2. Find a CA

    Search our directory of individual CAs and Member organisations by name, location and professional criteria.

  3. CA Magazine

    View the latest issues of the dedicated magazine for ICAS Chartered Accountants.

  4. Contact Us

    Get in touch with ICAS by phone, email or post, with dedicated contacts for Members, Students and firms.

Login
  • Annual renewal
  • About us
  • Contact us
  • Find a CA
  1. About us
    1. Governance
  2. Members
    1. Become a member
    2. Newly qualified
    3. Manage my membership
    4. Benefits of membership
    5. Careers support
    6. Mentoring
    7. CA Wellbeing
    8. More for Members
    9. Area networks
    10. International communities
    11. Get involved
    12. Top Young CAs
    13. Career breaks
    14. ICAS podcast
    15. Newly admitted members 2022
    16. Newly admitted members 2023
  3. CA Students
    1. Student information
    2. Student resources
    3. Learning requirements
    4. Learning updates
    5. Learning blog
    6. Totum Pro | Student discount card
    7. CA Student wellbeing
  4. Become a CA
    1. How to become a CA
    2. Routes to becoming a CA
    3. CA Stories
    4. Find a training agreement
    5. Why become a CA
    6. Qualification information
    7. University exemptions
  5. Employers
    1. Become an Authorised Training Office
    2. Resources for Authorised Training Offices
    3. Professional entry
    4. Apprenticeships
  6. Find a CA
  7. ICAS events
    1. CA Summit
  8. CA magazine
  9. Insight
    1. Finance + Trust
    2. Finance + Technology
    3. Finance + EDI
    4. Finance + Mental Fitness
    5. Finance + Leadership
    6. Finance + Sustainability
  10. Professional resources
    1. Anti-money laundering
    2. Audit and assurance
    3. Brexit
    4. Charities
    5. Coronavirus
    6. Corporate and financial reporting
    7. Business and governance
    8. Ethics
    9. Insolvency
    10. ICAS Research
    11. Pensions
    12. Practice
    13. Public sector
    14. Sustainability
    15. Tax
  11. CPD - professional development
    1. CPD courses and qualifications
    2. CPD news and updates
    3. CPD support and advice
  12. Regulation
    1. Complaints and sanctions
    2. Regulatory authorisations
    3. Guidance and help sheets
    4. Regulatory monitoring
  13. CA jobs
    1. CA jobs partner: Rutherford Cross
    2. Resources for your job search
    3. Advertise with CA jobs
    4. Hays | A Trusted ICAS CA Jobs Partner
    5. Azets | What's your ambition?
  14. Work at ICAS
    1. Business centres
    2. Meet our team
    3. Benefits
    4. Vacancies
    5. Imagine your career at ICAS
  15. Contact us
    1. Technical and regulation queries
    2. ICAS logo request

2019 UK Cyber Security Breaches Survey

  • LinkedIn (opens new window)
  • Twitter (opens new window)
By Alan Simpson CA

5 February 2020

Main points:

  • The Cyber Survey is a UK Official Statistic which is undertaken annually.
  • The 2019 Survey found that 32% of businesses and 22% of charities suffered cyber security breaches in the previous 12 months.
  • Comparatives from the 2018 survey were that 43% of businesses and 19% of charities had experienced cyber security breaches.

Alan Simpson CA highlights some of the key findings from the latest cyber security breaches survey.

Cyber security attacks can seriously damage the operations and reputation of any organisation. Statistics on the most common type of cyber security breaches in the UK are now gathered annually (since the initial survey in 2016) for the Department for Digital, Culture, Media and Sport (DCMS) which commissions the Cyber Security Breaches Survey of UK businesses and charities as part of the National Cyber Security Programme. The survey is classed as an Official Statistic and is produced to the standards required in the Code of Practice for Official Statistics. The purpose of this statistic is to measure how UK businesses and charities deal with the need for cyber security and the effect of breaches of their security.

This latest survey was undertaken for DCMS by Ipsos MORI together with the Institute for Criminal Justice Studies at the University of Portsmouth and was published in April 2019. It surveys sample data collected in late 2018/early 2019.

The sample used in the survey

A random probability telephone survey was undertaken between 10 October and 20 December 2018 of 1,566 UK businesses and 514 UK registered charities. Additionally, a further 52 detailed interviews were carried out in January and February 2019 to gain further details from organisations that participated in the earlier 2018 survey above. Public sector bodies (which clearly represent a large part of the UK economy) and sole traders were excluded. The survey publishes its findings in four categories:

  • UK businesses and charities overall
  • Medium and large businesses
  • Micro and small business findings
  • Charities (ranked by the categories of low income, middle income and high income).

Occurrence of cyber security breaches

It is encouraging to see there has been an improvement with a small decrease in breaches occurring in 2019 compared with that in 2018.

  • Overall, 32% of businesses and 22% of charities reported having suffered such breaches during the previous 12 months. (The comparative figures for 2018 were 43% for business and 19% for charities.)
  • For large businesses (defined as those with ≥250 employees), in 2019 this was 61% (in 2018 it was 72%).
  • In the largest charities (defined as those with an annual income of £5 million or more) it was 65% (in 2018 it was 73%).
  • In the 2019 survey, 78% (2018: 74%) of businesses and 75% (2018: 53%) of charities stated that cyber security was a high priority for their senior management. However, staff have had cyber security training in only 27% of businesses and 29% of charities.
  • Both businesses and charities have made increased efforts to improve their cyber security as a result of GDPR (General Data Protection Regulation) being enacted with 30% of businesses and 36% of charities having made such changes in 2019.

Out of the 32% of businesses experiencing such attacks or breaches in 2019:

  • 32% required new measures to repel possible future attacks
  • 27% took up staff time dealing with attacks
  • 19% had staff unable to carry out their daily work
  • 48% identified at least one breach or attack per month.

Out of the 22% of charities having cyber attacks or breaches in 2019:

  • 29% required new measures to repel possible future attacks
  • 32% took up staff time dealing with attacks
  • 21% had staff unable to carry out their daily work
  • 39% identified at least one breach or attack per month.

What is the average annual cost of cyber breaches or attacks?

The direct costs of a cyber security breach may include the loss of data and/or assets, repair and recovery costs and loss of revenue if customers are unable to access online services. In addition, there can also be indirect costs such as lost productivity of employees and reputational damage to the organisation. The survey gives some information on the cost of breaches by size of the organisation surveyed as follows:

  • The average cost to businesses overall in 2019 was £4,180. This was higher than both 2018 (£3,160) and 2017 (£2,450).
  • For micro/small businesses in 2019 it was £3,650.
  • For medium-sized businesses in 2019 it was £9,270.
  • For large businesses it was £22,700 in 2019.
  • For all categories of charity in 2019 it was £9,470.

Most common types of cyber attacks

The businesses and charities surveyed experienced these types of attacks.

  • “Phishing” – that is attempts to obtain sensitive or commercially confidential information by an impostor masquerading as a legitimate and trustworthy party through the action of sending an email or other electronic communication to the intended victim. This was experienced by 80% of the businesses surveyed and 81% of the charities.
  • Impersonating an organisation in emails or online (e.g. purporting to be HMRC or an entity’s bankers by using a spoof website and website address). This was experienced by 28% of the businesses and 20% of the charities.
  • Viruses, spyware or malware. This affected 27% of the businesses and 18% of the charities.

These findings are similar to those reported in the 2018 survey.

Survey conclusions

  • Cyber security is now seen by management in both business and charities as a higher priority than previously.
  • Many more organisations are taking steps to identify the risks they face from cyber crime and are then developing defences against it.
  • More businesses now have board members charged with specific responsibility for cyber security.
  • The introduction of GDPR has tended to hasten the rate of change towards improving cyber security.
  • However, worryingly, relatively few organisations have assessed the risk of cyber attacks in their supply chain.

Lugo are holding free Cyber Resilience Workshops for Accountants.

Find out more on their website.

Book now


Do you have any comments or would you like to further discuss the issues raised in this article? Please join us on CA Connect - an area exclusive for our members. Here you can share your thoughts on this article and engage in discussions with fellow members.

CA Connect

2022-01-xero 2022-01-xero
ICAS logo

Footer links

  • Contact us
  • Terms and conditions
  • Modern slavery statement
  • Privacy notice
  • CA magazine

Connect with ICAS

  • Facebook (opens new window) Facebook Icon
  • Twitter (opens new window) Twitter Icon
  • LinkedIn (opens new window) LinkedIn Icon
  • Instagram (opens new window) Instagram Icon

ICAS is a member of the following bodies

  • Consultative Committee of Accountancy Bodies (opens new window) Consultative Committee of Accountancy Bodies logo
  • Chartered Accountants Worldwide (opens new window) Chartered Accountants Worldwide logo
  • Global Accounting Alliance (opens new window) Global Accounting Alliance
  • International Federation of Accountants (opens new window) IFAC
  • Access Accountancy (opens new window) Access Acountancy

Charities

  • ICAS Foundation (opens new window) ICAS Foundation
  • SCABA (opens new window) scaba

Accreditations

  • ISO 9001 - RGB (opens new window)
© ICAS 2022

The mark and designation “CA” is a registered trade mark of The Institute of Chartered Accountants of Scotland (ICAS), and is available for use in the UK and EU only to members of ICAS. If you are not a member of ICAS, you should not use the “CA” mark and designation in the UK or EU in relation to accountancy, tax or insolvency services. The mark and designation “Chartered Accountant” is a registered trade mark of ICAS, the Institute of Chartered Accountants of England and Wales and Chartered Accountants Ireland. If you are not a member of one of these organisations, you should not use the “Chartered Accountant” mark and designation in the UK or EU in relation to these services. Further restrictions on the use of these marks also apply where you are a member.

ICAS logo

Our cookie policy

ICAS.com uses cookies which are essential for our website to work. We would also like to use analytical cookies to help us improve our website and your user experience. Any data collected is anonymised. Please have a look at the further information in our cookie policy and confirm if you are happy for us to use analytical cookies: