Carbon Black Threat Report: “88% of UK businesses surveyed suffer cyber breach during last 12 months”

Endpoint security specialist Carbon Black has just released the results of its second UK Threat Report. The research indicates that the UK’s cyber threat environment is intensifying. According to the report, attacks are growing in volume, while the average number of breaches has also increased. The report analyses survey results from different vertical sectors, organisation sizes and IT team sizes to build a picture of the modern attack and cyber defence landscape in the UK.

When it comes to key survey research findings, 88% of UK organisations reported suffering a breach in the last 12 months. The average number of breaches per organisation over the past year was 3.67. 87% of organisations have seen an increase in attack volumes, with 89% of organisations saying attacks have become more sophisticated. 93% of organisations now plan to increase spending on cyber defence.

Compared with the previous report, published in September, the average number of breaches has increased from 3.48 to 3.67, and 5% more organisations have seen an increase in attack volumes.

100% of Government and local authority organisations surveyed reported being breached in the past 12 months, suffering 4.65 breaches on average. 40% have been breached more than five times. In the private sector, the survey indicates that financial services are the most likely to report a breach, with 98% of the surveyed companies reporting breaches during the past 12 months.

“We believe our second UK Threat Report underlines that UK organisations are still under intense pressure from escalating cyber attacks,” said Rick McElroy, head of security strategy for Carbon Black. “The report suggests that the average number of breaches has increased. As threat hunting strategies start to mature, we hope to see fewer attacks making it to full breach status.”

Weakest link in cyber security

According to the report, malware remains the most prolific attack type in the UK, with more than a quarter (27%) of organisations naming it the most commonly encountered. Ransomware holds second position (15%). However, the human factor plays a part in the attacks resulting in breaches.

Phishing attacks appear to be at the root of one in five successful breaches. When combined, weaknesses in processes and outdated security technology were reported factors in a quarter of breaches, indicating that failures in basic security hygiene continue to be high-risk vectors that organisations should address as a priority.

Organisations across all sectors reported increases in the volume of attacks during the past 12 months. However, of those organisations surveyed, Government and local authority concerns saw particularly high increases, with 40% noting more than a 50% increase in the number of attacks. Similarly, in the healthcare sector, 29% of respondents noted increases of 50% or more.

A silver lining here is that 6% more organisations plan to increase cyber security spending compared to six months ago.

Delivering on its promise

60% of UK organisations surveyed said they are actively threat hunting, with more than a quarter (26%) doing so for a year or more. A very encouraging 95% reported that threat hunting has strengthened their defences.

The survey results suggest that threat hunting is most mature in the financial services sector, with 53% of organisations questioned having threat hunted for more than a year.

“We believe threat hunting is an integral part of a mature security posture,” added McElroy. “It’s encouraging to see the numbers here continuing to climb.”


*The survey was undertaken last month by independent research organisation Opinion Matters. More than 250 UK Chief Information Officers (CIOs), Chief Technology Officers (CTOs) and Chief Information Security Officers (CISOs) were surveyed from companies in a range of industries including finance, healthcare, Government, retail, manufacturing, food and beverage production, oil and gas, professional services and media and entertainment.

About the Author
Brian Sims BA (Hons) Hon FSyI, Editor, Risk UK (Pro-Activ Publications)
