Most Cyber Attacks in the UK Could Have Been Prevented

By: Arieanna Schweber | 5/19/2016

The Government in the UK recently released its Cyber Security Breaches Survey 2016, a survey which looks at the approach to cyber security by UK businesses in order to better inform Government policy and security recommendations to businesses. According to the report, two thirds of large UK businesses suffered a cyber attack or breach in the past year, with 68% of those breaches caused by viruses, spyware and malware that could have been avoided had basic cyber security practices been followed (as laid out in the governments Cyber Essentials scheme).

According to the report, only 51% of those surveyed have taken the government-issued recommended actions to identify or prevent cyber risks, despite the fact that nearly two-thirds of organizations claim that cyber security is a top priority. More troubling, the survey reveals that only 29% of organizations have formal written cyber security policies and only 10% have a formal incident management plan. Only 13% of organizations extend their cyber security standards to suppliers or vendors. When it comes to security training, large organizations fare better (62%), while only 22% small organizations have trained employees within the past 12 months, though data breaches affect organizations of all sizes.

The average cost of a data breach to a large business was listed at £36,500, with the most costly breach at £3 million. Coming out of the survey, the Government wants to re-iterate the importance of getting a solid security foundation in place, helping to protect against common cyber threats. The Government's 10 Steps guidance includes:

  1. Information risk management (policies, board involvement)
  2. Secure configuration (including patch management)
  3. Network security
  4. Managing user privileges
  5. User education and awareness
  6. Incident management
  7. Malware protection
  8. Monitoring (of user activity and regular health checks)
  9. Removable media controls
  10. Home and mobile working policies

When it comes to the current risk landscape, having visibility into the endpoint and the data contained therein is vitally important to cyber security preparedness. One study recently suggested that as much as 45% of corporate data is held on endpoint devices, while another report suggests that exploited mobile devices account for one third of cyber security incidents.

At Absolute, we provide persistent endpoint security and data risk management for the mobile world. Our unrivalled endpoint data security offering helps secure your endpoints and the sensitive data they contain, with automated alerts and monitoring, regardless of user or location. Learn more about the Absolute DDS difference at

Financial Services