Cyber Security Breaches Survey 2019

Ipsos and its partner, the Institute of Criminal Justice Studies at the University of Portsmouth, were commissioned by the Department for Digital, Culture, Media and Sport to carry out the latest Cyber Security Breaches Survey, as part of the UK Government’s National Cyber Security Programme.

Ipsos and its partner, the Institute of Criminal Justice Studies (ICJS) at the University of Portsmouth, were commissioned by the Department for Digital, Culture, Media and Sport (DCMS) to carry out the latest Cyber Security Breaches Survey, as part of the UK Government’s National Cyber Security Programme. It follows earlier surveys in the same series carried out in 2018, 2017 and 2016.

The 2019 survey highlights the persistent threat of cyber-attacks facing businesses and charities with around a third of businesses (32%) and a fifth of charities (22%) having suffered a cyber breach or attack in the past 12 months. This represented a significant fall in the number of businesses identifying breaches (down from 43% in 2018, and 46% in 2017). The charities result was similar to 2018.

Among organisations identifying breaches or attacks, the most common types identified are phishing attacks, identified by 80% of businesses and 81% of charities, followed by instances of others impersonating an organisation in emails or online (28% of businesses and 20% of charities) and viruses or other, spyware or malware, including ransomware attacks (identified by 27% of businesses and 20% of charities).

This year’s survey shows that cyber security is a growing priority for senior management, with over three-quarters of UK businesses (78%) and charities (75%) saying that cyber security is a high priority for their senior management. This is a significant increase since 2018 when these proportions were 74% for businesses and 53% of charities.

Reflecting this change in attitudes, there have also been shifts in action taken in this latest survey:

  • More businesses (57%, vs. 51% in 2018) and charities (43%, vs. 27% in 2018) update their senior management on actions taken around cyber security at least once a quarter.
  • Both businesses (27%, vs. 20% in 2018) and charities (29%, vs. 15% in 2018) are more likely to have had staff attend any kind of cyber security training in the last 12 months.
  • Written cyber security policies are more common both among businesses (33%, vs. 27% in 2018) and charities (36%, vs. 21% in 2018).

Insights from the qualitative interviews suggests that GDPR has encouraged many organisations over the past year to engage formally with cyber security for the first time, and others to strengthen their existing policies and processes. However, the survey also shows that there is more that organisations can do to protect themselves from cyber risks. This includes important actions which are still relatively uncommon, such as board-level involvement in cyber security, monitoring suppliers and planning incident response.

Infographics

Infographic: UK Businesses and Charities

Infographic: Medium and Large Businesses

Infographic: Medium and Large Businesses

Infographic: Charities by Income Band

Technical note

  • The Cyber Security Breaches Survey is an Official Statistic and has been produced to the standards set out in the Code of Practice for Official Statistics.
  • Ipsos surveyed 1,566 UK businesses (including 488 large businesses employing 250 or more staff) and 514 UK registered charities by telephone from 10 October to 20 December 2018.
  • Sole traders and public sector organisations were outside the scope of the survey, so were excluded. In addition, businesses with no IT capacity or online presence were deemed ineligible, which meant that a small number of specific sectors (agriculture, forestry and fishing) were excluded.
  • Both the businesses and charities data have been weighted to be statistically representative of these two populations.
  • A total of 52 in-depth interviews were undertaken in January and February 2019 to follow up businesses and charities that participated in the survey.

 

Download

The author(s)

Related news

  • Welsh Senedd polling
    Politics Survey

    Plaid Cymru has slight lead over Reform UK in new Ipsos Wales Senedd poll, but half of voters may change mind

    New polling data from Ipsos in the UK, conducted 2–8 April 2026, reveals a complex political landscape in Wales ahead of the Senedd elections. While Plaid Cymru has a slight lead in voting intentions, Reform voters are more committed, and many voters say they may still change their mind. The research also highlights widespread public frustration with the performance of the Welsh Government and a significant lack of trust in any single party to address the nation's top priorities.
  • Ipsos Scotland Political Pulse
    Scotland Survey

    Scots unimpressed by Holyrood campaigns, but give SNP the edge

    With just two weeks to go until the Scottish Parliament election on 7th May, new data from Ipsos’s Scotland Political Pulse shows that, while voters are not particularly impressed by any of the parties, the SNP have the edge, with views on both the party and their leader improving since last month.
  • Money jar
    Issues Index Survey

    Economic optimism falls to record low as concern over inflation rises

    The latest Ipsos Economic Optimism Index (EOI) reveals that net economic optimism in Britain has fallen to the lowest levels ever recorded since Ipsos began collecting this data in 1978. In the latest data, collected 8-14 April 2026, 78% of Britons expect the economy to get worse over the next 12 months (up 3ppts since last month), the highest level recorded since the Index began.