Half of UK businesses had no security policies in place in 2020

Businesses struggled to keep track of devices or employees during the pandemic, DCMS finds

Fewer UK organisations are deploying protective measures, such as security monitoring tools and up-to-date antivirus software, despite the heightened security risk during 2020.

The proportion of businesses and charities using security monitoring tools fell from 40% in 2019 to 35% in 2020, mirroring a fall in the use of employee monitoring from 38% to 32%, according to a report by the Department for Digital, Culture, Media and Sport (DCMS).

This is alongside a reduction in the number of organisations using up-to-date antivirus software, from 88% to 83%.

Overall, only 52% of businesses and 47% of charities enacted one or more cyber security measures in 2020, including using monitoring tools, conducting risk assessments, testing staff, conducting audits, penetration testing, or investing in threat intelligence.

This decline in overall cyber resilience coincides with an escalation in security risk due to the COVID-19 pandemic. Studies have shown that phishing and ransomware attacks rose significantly during 2020, for instance, while the business landscape was shaken by several high-profile incidents including a devastating attack on SolarWinds' supply chain.

The DCMS also found that 39% of businesses and 26% of charities reported breaches or attacks during 2020, with factors like remote working making securing IT environments more challenging.

In her first speech today as newly-appointed NCSC CEO, Lindy Cameron warned businesses not to be complacent about cyber security in light of emerging trends, including those highlighted by this report.

“Cyber security is still not taken as seriously as it should be, and simply is not embedded into the UK’s boardroom thinking,” Cameron said. “The pace of change is no excuse – in boardrooms, digital literacy is as non-negotiable as financial or legal literacy. Our CEOs should be as close to their CISO as their Finance Director and General Counsel.

“Recent global cyber incidents involving SolarWinds and Microsoft Exchange have shown, in different ways, the range of cyber threats we currently face. As our reliance on technology grows, it sadly also presents opportunities for those who want to do us harm online.”

The DCMS' report outlined how dealing with COVID-19 posed a major challenge to UK organisations during 2020, and contributed to a reduced focus on cyber security.

The rise of remote working, video conferencing, and a transition from paper to digital record-keeping required rapid changes in digital infrastructure, including issuing laptops or setting up virtual private networks (VPNs) for staff. This pace of change, however, led to glaring issues for a handful of businesses.

Direct user monitoring was generally much harder where employees were working remotely, which delayed organisations from catching and dealing with cyber attacks, the report said.

Large organisations, in particular, found dealing with hardware and software changes more difficult, given the sudden surge in the number of endpoints to manage. Retrieving and updating hardware, too, was difficult considering staff were distributed.

The pandemic also stretched resources and led to competing priorities, the report concluded. In some cases, there was a perceived conflict between prioritising IT service continuity, and aspects of security, such as patching. A reduction in personnel and time also meant it was much harder to carry out security awareness training.

Once resource bottlenecks eased, senior management typically prioritised business continuity over cyber security, with a lack of acknowledgement that security itself should be a key component of business continuity, the report found.

Related Resource

Taking a proactive approach to cyber security

A complete guide to penetration testing

A complete guide to penetration testing - whitepaper from CyberCxDownload now

The DCMS' conclusions echo the views of experts in the field. Security professionals speaking on a panel discussion hosted by Orange Cyberdefense last month, blasted the “head in the sand” approach many organisations, particularly small and medium-sized businesses (SMBs), took to cyber security in 2020.

They agreed that some SMBs were undermining security efforts by failing to routinely patch newly-adopted technologies, as well as paying ransom demands against the advice of security experts.

“Prior to the pandemic, we saw that many small businesses and SMBs had very much a ‘head in the sand’ approach to cyber security, with a lot thinking they didn’t need to take it seriously,” said CEO and founder of the UK Cyber Security Association Lisa Ventura.

“But today, with the move to getting everybody working from home quickly last year, from a business continuity perspective, we’re seeing more small businesses and SMBs finally starting to take their cyber security posture much more seriously.”

Featured Resources

Next-generation time series: Forecasting for the real world, not the ideal world

Solve time series problems with AI

Free download

The future of productivity

Driving your business forward with Microsoft Office 365

Free download

How to plan for endpoint security against ever-evolving cyber threats

Safeguard your devices, data, and reputation

Free download

A quantitative comparison of UPS monitoring and servicing approaches across edge environments

Effective UPS fleet management

Free download

Recommended

Senate report slams agencies for poor cyber security
cyber security

Senate report slams agencies for poor cyber security

3 Aug 2021
Most employees put their workplace at risk by taking cyber security shortcuts
cyber security

Most employees put their workplace at risk by taking cyber security shortcuts

27 Jul 2021
61% of organizations say improving security a top priority for 2021
cyber security

61% of organizations say improving security a top priority for 2021

29 Jun 2021
ProtectedBy.AI’s CodeLock blocks malware at source code level
software as a service (SaaS)

ProtectedBy.AI’s CodeLock blocks malware at source code level

9 Jun 2021

Most Popular

Best Linux distros 2021
operating systems

Best Linux distros 2021

11 Oct 2021
Apple MacBook Pro 15in vs Dell XPS 15: Clash of the titans
Laptops

Apple MacBook Pro 15in vs Dell XPS 15: Clash of the titans

11 Oct 2021
Windows 11 has problems with Oracle VirtualBox
Microsoft Windows

Windows 11 has problems with Oracle VirtualBox

5 Oct 2021