UK winning cybersecurity battle, claims DCMS

The proportion of UK businesses experiencing cyber breaches or attacks has dropped from 43 percent to 32 percent in the past 12 months, according to an announcement from the Department for Digital, Culture, Media, and Sport (DCMS).

The results have been published in the Department’s 2019 Cyber Security Breaches Survey. According to that report, the reduction is partly due to the introduction of the EU’s General Data Protection Regulation (GDPR) in May 2018 – which was cast into UK law under the terms of the Data Protection Act 2018.

Thirty percent of businesses and 36 percent of charities have made changes to their cyber security policies and processes as a direct result of the regulations, said DCMS.

The findings echo comments made by Jonathan Bamford, Director of Domestic Strategic Policy at the Information Commissioner’s Office (ICO) in January.

Speaking at a Westminster eForum conference on the lessons to date of GDPR, Bamford said that the regulations had forced many organisations to get to grips with the basics of data protection for the first time, despite having existing legal obligations under the 1998 Data Protection Act.

He said, “One of the most interesting things we’ve noticed is how many organisations woke up to data protection for the first time with GDPR. And a lot of the work we’ve had to do in terms of advice and complaints-handling has been on what I regard as core data protection issues. Not new things that have cropped up under GDPR, but data protection basics that organisations should have been on top of for a long, long time.

“A lot of our effort hasn’t been on the minutiae of changes under GDPR or the Data Protection Act 2018, it’s been on core issues like subject access. A lot of the enquiries we’ve received have been about these data protection basics.”

Bamford warned that, as a result, many organisations now wrongly believe that data protection is solely about GDPR compliance, rather than their wider obligations under the 2018 Act.

According to DCMS, of those businesses that suffered cyber attacks over the past year, the typical median number of breaches has risen from four to six. In other words, affected organisations are being attacked more. The figures show that 48 percent of businesses and 39 percent of charities that were breached or attacked, identified at least one incident or attack every month.

According to DCMS, the most common incidents involved phishing emails, followed by instances of others impersonating their organisation online, viruses, or other malware – including ransomware.

Digital Minister Margot James said, “Following the introduction of new data protection laws in the UK, it’s encouraging to see that business and charity leaders are taking cybersecurity more seriously than ever before.

“However, with less than three in ten of those companies having trained staff to deal with cyber threats, there’s still a long way to go to make sure that organisations are better protected.”

Through the CyberFirst programme, the government is working with industry and education to improve cybersecurity and get more young people interested in taking up a career in the sector.

  • The DCMS results contrast with a report published this week by Panda Security. The cybersecurity company warned that cyber attacks are becoming more sophisticated and less obvious, deploying legitimate applications or ‘goodware’ (as opposed to malware).

Two out of three attacks now employ ‘friendly’ applications and fileless malware, said the company in an announcement today.

According to Panda Security, 49 percent of organisations are unaware of the new threats that can lead to cyber attacks. The average time to identify a breach is 197 days, and the average time to contain it is 69 days, said the company. In short, victims could be affected by new kinds of cyber attack for up to nine months.

Chris Middleton
Chris Middleton
Chris Middleton is one of the UK’s leading independent business and technology journalists, an acknowledged robotics expert, an experienced public speaker and conference host, the author of several books, and the editor of (and contributor to) more than 50 other books. Chris specialises in robotics, AI, the Internet of Things, and other Industry 4.0 technologies, such as blockchain. He has appeared several times on BBC1, ITN, Radio 2, Radio 5Live, Talk Radio, and BBC local radio discussing robots’ societal impacts, and has been quoted numerous times in the press, including in The Sun and the Evening Standard.

More from author


Please enter your comment!
Please enter your name here

Related posts


Latest posts

Finance in a Modern Era

Modern trading and finance don’t keep regular office hours, nor regular places of business. Beyond the demand for fast transactions, the trading floor –...

Workstations: A Guide to Reliable, Efficient, and Capable Devices for the Power Users

This IDC InfoBrief is aimed at decision makers, the C-suite, and IT department managers and power and advanced PC users, specifically those who make...

GitHub CEO discusses European Union’s role in AI regulation

GitHub CEO Nat Friedman recently spoke about the European Union's role in regulating Artificial Intelligence (AI). In an interview with Wired, Friedman stated that...

Want to stay up to date with the latest news?

We would love to hear from you! Please fill in your details and we will stay in touch. It's that simple!