Cyber Security Breaches Survey 2022 – Analysis

Ransomware Cyber Breaches Survey Post Featured Image

Earlier this week, The Department for Digital, Culture, Media & Sport released the seventh iteration of their annual Cyber Security Breaches Survey, detailing UK organisation’s approaches to cyber security and the quantity and success rate of different techniques and methods being adopted by cyber criminals.

The Cyber Security Breaches Survey has been developed over the past seven years to reflect the government’s approach to cyber security, detailed within the current National Cyber Strategy 2022 documentation. Whilst this report will be primarily used to inform government policy in relation to cyber security, it can also be analysed to highlight the current national stance and where improvements can be made.

Key Findings

The report published dives deep into the most prevalent of cyber attacks and their associated effects on organisations over the course of the past 12 months, and reveals some staggering statistics.

Out of the 1,243 UK businesses and 424 charities surveyed, almost four tenths identified breaches or attacks over the past year, with a further 31% of businesses and 26% of charities identified estimating they experience at least one cyber attack per week. This statistic whilst already high is undoubtedly not reflective of the true number of cyber attacks experienced by UK businesses and charities, as the reported findings can only include the identified attacks.

As noted within our previous “How To Become More Cyber Secure On A Budget” article, investing into your organisation’s cyber security doesn’t have to cost thousands, whereas not investing can often lead to a loss of revenue, data, and reputation. The survey found that the average cost of cyber attacks over the last 12 months was £4,200, rising rapidly to £19,400 when only considering medium and large businesses.


The report notes that 38% of all businesses and charities involved with the survey have cyber security cover as part of a wider insurance policy, with only 5% of organisations having a specific cyber security insurance policy. By increasing the amount of organisations with a form of cyber security insurance, the UK could drastically reduce the average cost and effect of cyber attacks to organisations.

Cyber security insurance may seem out of reach for some organisations due to the associated cost. However, as part of the Cyber Essentials scheme ran by the accreditation body IASME in partnership with the National Cyber Security Centre (NCSC), cyber security insurance is included for free upon certification, provided that your head office is domiciled in the UK and your gross annual turnover is less than £20m.

This highlights one of the many benefits of the Cyber Essentials scheme designed to protect organisations against the most prevalent of attacks, which can be achieved starting from as little as £300, or from £775 if you would like support from one of Bruce & Butler’s cyber security team.

However, even with the wide range of benefits associated with gaining Cyber Essentials certification, the adherence to the scheme is only 6% for both businesses and charities according to the survey. Bruce & Butler aims to help towards the annual uptake of such schemes throughout UK organisations by aiding organisations gain certification and making it more accessible, further strengthening the UK’s overall cyber security stance.

A further statistic found by the survey is that only 17% of businesses have conducted cyber security training or awareness sessions in the past 12 months, raising slightly to 19% in charities. As part of ISO 27001, Bruce & Butler’s cyber security team would aid your organisation in developing an annual programme to support your compliance and ensure users are adequately trained to react to threats such as phishing.

The Cyber Security Breaches Survey also digs deeper into what the most common form of breach or attack is, returning the statistics that 83/87% of businesses/ charities targeted over the past 12 months, suffered from phishing attempts.

As defined by the NCSC, phishing is when a malicious entity tries to mislead users into either downloading forms of malware, directing them to infected or fake websites, or providing information which is not already publicly available.

Educating users on how to avoid, spot, and internally report phishing attempts is key to reducing the amount of successful phishing attempts against your organisation and in turn reducing the risk. Bruce & Butler offer Phishing Simulations as a service which can benefit organisations by increasing security using quantifiable results, reducing the net cyber security cost, and reducing overall cyber risk.

A final statistic provided by the Cyber Security Breaches Survey is that only one third of organisations contacted have a formal policy covering cyber security, or a business continuity plan. Implementing such documentation enables users to act in accordance with the documentation whilst having a reference point for all cyber security related issues. By ensuring that all users know the policies and procedures in place within your organisation, risks potentially not previously considered can be reported accordingly, and your organisation’s data can in turn become more effectively protected.

Bruce & Butler Solutions

As a fully-managed cyber security services provider, Bruce & Butler will work closely with you to fully understand the requirements of your organisation and the security threats you face. Following this, we’ll devise and implement a robust security solution to ensure your sensitive information remains secure.

Our cyber security services range from Cyber Essentials and Cyber Essentials Plus, to ISO 27001 and ISO 27701,  to ransomware recovery and the previously mentioned phishing simulations.

Get In Touch

If you’re interested in finding out more about how Bruce & Butler can help your organisation protect itself against today’s most prevalent of threats. Or if you’re interested in any of our other data protection services such as our NHS data security & protection toolkit or our penetration testing services, please contact us today through our Contact Us page.