Cyber Security – your main line of defence or should it be your staff?

Published by Phil Reynolds on 12 April 2019

Share this article

The Department for Digital, Culture, Media and Sport (DCMS) has released statistics showing a reduction in the percentage of businesses suffering a cyber breach or attack in the last year. The 2019 Cyber Security Breaches Survey shows 32% of businesses identified a cyber security attack in the last 12 months – a decrease from 43% in the previous year.

However, these statistics come as a bit of a surprise as cyber-fraud continues to be prevalent in our everyday lives. Only the other day I received a very genuine looking email from TV Licensing informing me my direct debit payment had been declined. Before I clicked on any links, I checked my bank account and I could see that this was not the case.

It is believed that the reduction in attacks is partly due to the introduction of the new data laws under the Data Protection Act and General Data Protection Regulations (GDPR). Many businesses, charities and schools all rushed to ensure their cyber security policies and processes were updated when GPDR came into force last May.

Of course, GDPR will only help up to a certain point and that is why it is important to ensure that staff continue to remain up to speed on that subject. The most common breaches or attacks in the past 12 months have been phishing emails, followed by instances of others impersonating their organisation online, viruses or other malware including ransomware.

Action Fraud recently revealed the 12 most common subject lines used in phishing emails targeting organisations. These came from analysing some 360,000 phishing emails in a three month period!

Businesses, charities and schools should consider providing employees with training opportunities so that any phishing emails can be more easily identified – something we have done at Kreston Reeves to help protect our business. The Digital Minister Margot James recently said that “less than 3 in 10 companies have trained staff to deal with cyber threats.” Which indicates plenty of improvement is needed.

The DCMS have also revealed that over half of the breaches in the past 12 months have been identified by staff first, not software. The National Cyber Security Centre (NCSC) is now urging businesses, charities and schools to identify a “cyber security champion” to help motivate staff and provide them with the tools and support to raise awareness and implement good security measures.

Of the businesses that did suffer attacks, the median number of breaches has increased from 4 in 2018 to 6 in 2019. This indicates that those suffering cyber attacks and breaches appear to be experiencing more than in previous years. In addition, the cost of an attack has also increased by more than £1,000 since 2018 to £4,180 – a significant amount of money for any business, charity or school.

For charities, cyber security is a priority issue as the financial impact can be far greater alongside reputational damage. Although more charities are treating cyber security as a high priority – 75% in 2019 compared to 53% in 2018 – more needs to be done to be at the same level as businesses.

The NCSC has made available a number of documents for business and charity leaders to read to help make sure they don’t fall victim to cyber attacks. The documents can be found on their website here. These include a Board Toolkit providing advice to Board level leaders, and guides aimed at small businesses and small charities. These documents will also be useful for any “cyber security champions”.

The NCSC is also encouraging businesses to adopt the Ten Steps to Cyber Security to help them reduce the likelihood and cost of a cyber attack or cyber related data breach. There are also basic defences available to organisations who enrol on the Cyber Essentials Initiative.

Make sure you download your complimentary copy of Kreston’s Academies Benchmark Report 2019 here:

This year the report includes over 350 Trusts representing nearly 1000 schools and is based on those Academies that prepared financial statements for the period ended 31 August 2018 and which were audited by member firms of Kreston UK.

Share this article


Email Phil

    • yes I have read the privacy notice and am happy for Kreston Reeves to use my information

    View teamSubscribe

    Close Expand

    Subscribe to our newsletters

    Our complimentary newsletters and event invitations are designed to provide you with regular updates, insight and guidance.

      • Business, finance and tax issuesPersonal finance, tax, legal and wealth management issuesInternational business issuesCharity and not-for-profit issues
      • Academies and educationAgricultureFinancial servicesLife sciencesManufacturingProfessional practicesProperty and constructionTechnology
      • yes I agree I have read and accept the privacy policy and am happy for Kreston Reeves email communications I have selected above

      You can unsubscribe from our email communications at any time by emailing or by clicking the 'unsubscribe' link found on all our email newsletters and event invitations.