Almost half of businesses have experienced a cyberattack or data breach in the past year – and almost all of the organisations that know they’ve been on the receiving end of attacks have reported being targeted by phishing and other fraudulent emails as the volume of these attacks continues to rise.
The larger the organisation, the more likely it is that they will have identified a data breach or cyberattack – partly because they’re going to be viewed as a more valuable target for cyber criminals and partly because they’re more likely to have the finances and resources to implement a cybersecurity programme that helps them spot intrusions.
The figures have been released as part of the Cyber Security Breaches Survey 2020, which aims to understand business awareness and attitudes towards data protection and security, and is commissioned by the Department for Digital, Culture, Media and Sport (DCMS). The statistics are based around the detection of successful and unsuccessful cyberattacks.
A total of 86% of businesses said they’ve identified phishing emails, demonstrating how phishing is still very much the top means of attack for hackers – and the number of detected phishing attacks is higher than ever before. In 2017, just 72% of organisations detected phishing attacks.
A quarter of organisations say they’ve identified fraudsters impersonating their organisation in emails sent to the general public or pretending to be their company by using a fake website.
For charities, this rises to 39% of organisations having identified that they’re being impersonated online – the reason for this is that people donate to charities through their websites, so cyber criminals attempt to mimic charities in an effort to steal bank details and other personal data.
Meanwhile, one in ten businesses said they were subjected to hacking or attempted hacking of their online bank accounts as cyber criminals attempted to get directly to the source of company finances.
Malware accounted for 16% of cyber incidents over the course of the past year and ransomware attacks were detected by 8% of organisations surveyed. The number of malware and ransomware incidents has halved since 2017, but that doesn’t mean that the attacks are any less of a problem.
If anything, they’re more dangerous than ever, as cyber criminals spend weeks or months planning campaigns after gaining access to networks – this is particularly the case with ransomware, which is seeing hackers demanding bigger ransoms from victims after they’ve crippled entire networks.
Unauthorised use of computer networks or servers by outsiders was detected by 6% of organisations, while unauthorised use of computers, networks or servers by staff was identified by 3% of organisations.
However, it’s likely that the number of attacks could be higher, as the survey depends on organisations knowing about the incidents and choosing to report them – and some businesses might not have done one or both of those.
“There are likely to be hidden attacks, and others that go unidentified, so the findings reported here may underestimate the full extent of the problem,” the paper warned.