Cyber Security Breaches Survey 2018

Ipsos MORI and its partner, the Institute of Criminal Justice Studies at the University of Portsmouth, were commissioned by the Department for Digital, Culture, Media and Sport to carry out the latest Cyber Security Breaches Survey, as part of the UK Government’s National Cyber Security Programme.

The author(s)

  • Jayesh Navin Shah Ipsos Public Affairs, UK
  • Kelly Finnerty Ipsos Public Affairs, UK
  • Helen Motha Ipsos Public Affairs, UK
  • Yasmin White Ipsos Public Affairs, UK
Get in touch

Ipsos MORI and its partner, the Institute of Criminal Justice Studies (ICJS) at the University of Portsmouth, were commissioned by the Department for Digital, Culture, Media and Sport (DCMS) to carry out the latest Cyber Security Breaches Survey, as part of the UK Government’s National Cyber Security Programme. It follows earlier surveys in the same series carried out in 2017 and 2016.

The 2018 survey again highlights that virtually all UK organisations covered by the survey are exposed to cyber security risks, with 98% of businesses and 93% of charities relying on some form of digital communication or services, such as staff email addresses, websites, online banking and the ability for customers to shop online. Charities are exposed to further online risks, with around one in three enabling people to donate online (31%) and over one in four allowing beneficiaries to access their services online (27%).

In this context, over four in ten businesses (43%) and two in ten charities (19%) suffered a cyber breach or attack in the past 12 months.

Moreover, three-quarters of UK businesses (73%) and more than half of charities (53%) say that cyber security is a high priority for their senior management.

However, as in previous surveys in 2017 and 2016, a sizable proportion of businesses and charities still do not have basic protections or have not formalised their approaches to cyber security:

  • Under three in ten businesses (27%, versus 33% in the previous 2017 survey), and two in ten charities (21%) have a formal cyber security policy or policies.
  • Less than a third (30%) of businesses, and only a quarter of charities (24%), have made specific board members responsible for cyber security.
  • One in five businesses (20%) and two in five charities (38%) also never update their senior managers on cyber security issues.
  • A fifth (20%) of businesses and a lower proportion of charities (15%) have had any staff attend internal or external cyber security training in the last 12 months.

Infographics

Infographic: UK Business and CharitiesInfographic: Medium and Large BusinessInfographic: Micro and Small BusinessesInfographic: Charities by Income Band

Technical note

  • The Cyber Security Breaches Survey is an Official Statistic and has been produced to the standards set out in the Code of Practice for Official Statistics.
  • Ipsos MORI surveyed 1,519 UK businesses (including 252 large businesses employing 250 or more staff) and 569 UK registered charities by telephone from 9 October to 14 December 2017.
  • Sole traders and public sector organisations were outside the scope of the survey, so were excluded. In addition, businesses with no IT capacity or online presence were deemed ineligible, which meant that a small number of specific sectors (agriculture, forestry and fishing) were excluded.
  • Both the businesses and charities data have been weighted to be statistically representative of these two populations.
  • A total of 50 in-depth interviews were undertaken in January and February 2018 to follow up businesses and charities that participated in the survey.

The author(s)

  • Jayesh Navin Shah Ipsos Public Affairs, UK
  • Kelly Finnerty Ipsos Public Affairs, UK
  • Helen Motha Ipsos Public Affairs, UK
  • Yasmin White Ipsos Public Affairs, UK

More insights about Public Sector