Detecting, Enduring, and Rebounding from Cyber Attacks


Learning Lessons from the UK Government’s Cyber Security Breaches Survey: Surviving Cyber-Attacks

In an increasingly digital world, the threat of cyber-attacks looms larger than ever. The 2024 Cyber Security Breaches Survey conducted by the UK Government paints a sobering picture of the challenges faced by businesses in identifying and surviving these threats. As cyber-attacks evolve, particularly targeting large enterprises, the need for robust cyber resilience strategies has never been more critical.

Identifying Cyber Breaches: A Growing Awareness

The survey reveals a significant shift in how businesses perceive and address cyber risks. More organizations are actively probing their digital landscapes, adopting security monitoring tools, and conducting regular risk assessments. Large enterprises, in particular, have made notable progress, investing heavily in cyber risk management to gain enhanced visibility into the threats they face.

Despite this increased awareness, the survey indicates that around 50% of businesses have experienced some form of breach or attack in the past year, with phishing emerging as the predominant vector. Interestingly, a phishing email is rarely the damaging event in itself; the harm comes from what it enables, such as credential theft or malware delivery. This raises important questions about how organizations judge the severity of various cyber threats. It appears that many businesses rate phishing on how often they see it rather than on the consequences that follow a successful one.

The Disconnect in Attack Impact and Recovery Times

The survey data reveals a surprising disconnect between the perceived impact of cyber-attacks and the actual recovery times reported by businesses. Although phishing is the most frequently reported attack type, a phishing incident is typically easier to contain than a more sophisticated breach such as ransomware. Yet 50% of surveyed businesses name phishing as their most disruptive attack type.

This discrepancy becomes even more pronounced when comparing recovery times. While many organizations report recovering from breaches in "less than 24 hours," the 2024 IBM Cost of a Data Breach report puts the average time to identify and contain a breach at 258 days. The two figures are not measured the same way (IBM's clock starts at initial compromise, whereas the survey's starts at detection), but the stark contrast still indicates that many businesses either do not fully understand the depth of their cyber risks or, more likely, under-report the true challenges associated with recovery.

The gap between perception and reality is likely driven by a lack of proper post-breach investigation. Many organizations declare recovery once operations are restored, overlooking the foothold an attacker may still hold: stolen credentials, exfiltrated data, persistence mechanisms, or the unpatched vulnerability that let them in.

Incident Response: A Critical Weakness

One of the most alarming findings from the survey is the lack of preparedness for incident response across sectors. Only 21% of organizations have a documented incident response plan. Finance and insurance fare markedly better, with 51% of companies claiming to have a plan, but a significant portion of UK businesses remains without a formal recovery plan for cyber incidents.

This lack of preparation is concerning. Incident response plans are vital for minimizing disruption, coordinating across departments, and engaging third parties such as insurers or regulators. A well-constructed plan ensures swift communication with key stakeholders during a breach, which is critical for limiting financial and reputational damage. The survey suggests that organizations struggle to document and formalize these processes, which helps explain the overly optimistic claim that over 75% of organizations "took no time at all" to recover from their most disruptive attack: without a defined process, there is no agreed point at which recovery is complete.

Communication is Key

Effective communication is a cornerstone of successful incident response. The survey highlights the importance of clear communication, whether relaying the scale of an attack to senior management or notifying regulators and insurance providers. Communication breakdowns can extend recovery times and exacerbate damage.

Organizations are beginning to recognize the importance of communication, with an increasing number prioritizing cybersecurity awareness across all levels. However, the focus must shift toward more proactive communication strategies—documenting every phase of a cyber response as they would for any business continuity or disaster recovery plan. This formalization is essential to ensure that the “no time at all” recovery metric becomes a repeatable outcome.

Risk-Based Strategies: A Way Forward

To address the gaps identified in the survey, businesses must adopt more risk-based approaches to cyber resilience. Rather than treating all risks equally, organizations need to focus on the threats most likely to disrupt their operations. Cyber risk assessments should align with broader business priorities, ensuring that security teams and executive leadership are aligned on the severity of potential threats.

Incorporating continuous penetration testing, red teaming, and lessons learned from previous attacks can drive improvement. Surprisingly, only 21% of businesses currently perform formal reviews after an attack, meaning that most organizations miss crucial opportunities to identify vulnerabilities and strengthen their defenses.

Conclusion

The 2024 Cyber Security Breaches Survey highlights that while many businesses are making strides in identifying threats, critical gaps in response and recovery remain. Organizations must bridge these gaps by adopting robust incident response plans, formalizing communication channels, and learning from each attack. By addressing these weaknesses, businesses can reduce recovery times and mitigate the long-term impact of cyber breaches.

As the threat landscape continues to evolve, businesses must adapt their approach to resilience, embracing risk-based strategies that not only identify but also anticipate and survive the next wave of attacks. The lessons learned from this survey are not just cautionary tales; they are calls to action for organizations to fortify their defenses and ensure their survival in an increasingly perilous digital environment.


Written by
Lewis Duke
SecOps and Threat Intelligence Lead
Trend Micro
