Out-Law News 3 min. read

Money or data stolen in a fifth of cyber cases


Money or data is stolen in nearly a fifth of all cybersecurity breaches or attacks that businesses identify, a survey carried out on behalf of the UK government has found.

However, the government said the results from the cyber security breaches survey 2020 show that organisations are becoming "more resilient to breaches and attacks over time" and recovering faster from breaches when they do occur.

According to the survey results, 46% of businesses surveyed experienced a cybersecurity breach or attack in the last 12 months. Of those cases, 19% resulted in the business losing money or data. Other negative outcomes, such as businesses requiring new measures, having staff time diverted or experiencing wider business disruption, were reported in 39% of those cases.

The results of the survey, which has been conducted annually since 2016, have been gathered from 1,348 businesses of varying sizes. A further 337 charities were also surveyed.

It is important that employers are cognisant of the risk of phishing and other attacks on networks, systems and data, particularly at this time when they are managing the impact of the coronavirus crisis and many employees may be working remotely

Birdsey said: "Cyber insurance is an increasingly common part of the cyber solution, which enables affected organisations to respond promptly and effectively to a cyber event. Amongst other benefits, cyber policies often provide the insured with access to a network of specialists, such as IT forensic, legal and PR experts, who can help them manage and respond effectively to cyber incidents when they occur."

"While businesses have legal obligations to provide for appropriate security of data and, in some cases where critical infrastructure is involved, to protect against infiltration of networks and systems, the sophistication of attacks makes some breaches inevitable. Regulators, such as the UK's data protection authority – the Information Commissioner's Office (ICO) – and sectoral authorities such as the Financial Conduct Authority (FCA) and Charity Commission, are paying ever-closer attention to cyber events. Organisations should be prepared for their cybersecurity measures, policies and practices to come under scrutiny in the event of a breach, including their cyber incident response plans," he said.

We are processing your request. \n Thank you for your patience. An error occurred. This could be due to inactivity on the page - please try again.