The Cyber Security Breaches Survey is an official statistic. Since 2016, it has measured how UK organisations approach cyber security, and the impact of breaches and attacks. This infographic shows the key findings for UK businesses.
Despite COVID-19, cyber security remains a priority among management boards.77% of businesses say that cyber security is a high priority for their directors or senior managers (vs. 69% in 2016).

Phishing is the most commonly identified cyber attack. Among the 39% identifying any breaches or attacks, 83% had phishing attacks, 27% were impersonated and 13% had malware (including ransomware).

Click to download

Globally, governments have been forced to act quickly in response to COVID-19 and to find new ways of working.

In many instances this has been effective, but it has also come at the expense of some of the usual rigor and diligence that is expected and required of governments. To support people and economies, governments have had to relax spending rules, implement changes rapidly and take shortcuts that may expose them to risk.

The risk landscape in the post-pandemic new reality will likely be one that has accumulated through each phase of the crisis

Click to download

In March 2021 the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) observed Advanced Persistent Threat (APT) actors scanning devices on ports 4443, 8443, and 10443 for CVE-2018-13379, and enumerated devices for CVE-2020-12812 and CVE-2019-5591. It is likely that the APT actors are scanning for these vulnerabilities to gain access to multiple government, commercial, and technology services networks. APT actors have historically exploited critical vulnerabilities to conduct distributed denial-of-service (DDoS) attacks, ransomware attacks, structured query language (SQL) injection attacks, spearphishing campaigns, website defacements, and disinformation campaigns.

The FBI and CISA have information indicating APT actors are using multiple CVEs to exploit Fortinet FortiOS vulnerabilities. The FBI and CISA believe the APT actors are likely exploiting these Fortinet FortiOS vulnerabilities—CVE 2018-13379, CVE-2020-12812, and CVE-2019-5591—to gain access to multiple government, commercial, and technology services networks.

The APT actors may be using any or all of these CVEs to gain access to networks across multiple critical infrastructure sectors to gain access to key networks as pre-positioning for follow-on data exfiltration or data encryption attacks. APT actors may use other CVEs or common exploitation techniques—such as spearphishing—to gain access to critical infrastructure networks to pre-position for follow-on attacks.

Click to download

The digital transformation of the global economy has hardly been slow in the past 20 years. The first mobile phone arrived in
1989. The world wide web is 30 years old and has been broadly accessible for the past 25, while the mobile internet, just 15
years of age, is approaching full global penetration. E-commerce has rapidly expanded, and digital payments platforms leading to
a broader set of digitally-enabled financial services have seen double digit growth, especially in China.

Looking at technological enablement across sectors and regions, the gating factor with respect to growth typically is not just
the state of the technology itself, but rather the speed with which individuals, organizations, and complex systems are willing
or able to change. This resistance to change is sometimes referred to as inertia, by analogy with the physics we all learned in
high school, where to put a body with some mass in motion or to change its speed or direction requires the application of
some force.

Click to download