Government Releases 2022 Cybersecurity Breach Inquiry – Commentary

The UK government is urging businesses and charities to step up their cybersecurity practices as the Cyber ​​Security Breaches Survey 2022 shows the frequency of cyberattacks is increasing. Nearly one in three businesses (31%) and a quarter (26%) of charities that suffered attacks said they now experience breaches or attacks at least once a week.

However, although the survey shows that the frequency of cyberattacks is increasing, the number of businesses that suffered an attack or breach remained the same as in 2021. Almost a third of charities (30%) and two in five companies (39%) reported cybersecurity breaches or attacks in the past 12 months.

The National Cyber ​​Security Center has also issued a note stating that it is not aware of any current specific cyber threats against UK organizations in relation to events around Ukraine, but encourages organizations to follow its advice to reduce the risk of being the victim of an attack. Small businesses should adopt the Cyber ​​Essentials program to protect against common cyber threats, such as phishing attacks, and use the small business guide to improve cybersecurity practices. Large organizations should use the Board Toolkit to get company leaders to act on cyber resilience, and charities should follow the Charity Short Guide to Strengthening Cybersecurity Operations.

Following a wave of high-profile attacks over the past year, including against Kaseya, Colonial Pipeline and Microsoft Exchange, the government says increased attention has been paid to the cybersecurity of supply chains and digital services . As a result, according to the 2022 survey, four in five (82%) senior managers in UK businesses now say they regard cybersecurity as a “very high” or “fairly high” priority, up from 77% in 2021. This is an increase significant and the highest figure ever recorded in the cybersecurity breach survey.

The 2022 survey also found that 40% of businesses and nearly a third of charities (32%) use at least one managed service provider, but only 13% of businesses reviewed the risks posed by providers. immediate.

The government is aiming to boost the cyber resilience of critical businesses by updating the Network and Information Systems (NIS) Regulations 2018, which sets out cybersecurity rules for essential services, such as water, energy, transport, healthcare and digital infrastructure. The government says this will ensure the legislation remains effective and keeps pace with technology. It includes proposals to expand the NIS regulations to include managed service providers on which essential and digital services depend to operate, to minimize the risk of attacks.

For more information on this subject, please contact Alan Owens to Wiggin by telephone (+44 20 7612 9612) or by e-mail ([email protected]). Wiggin’s website can be accessed at

Comments are closed.