By Dr. Tim Sandle
DIGITAL JOURNAL
March 21, 2025
Offices in London. — Image by © Tim Sandle.
With 2025 now into its third month, concerns for cybersecurity remain high. Half of businesses report having experienced some form of cybersecurity breach or attack in the last 12 months.
This is according to Reboot Online, who have analysed data from the UK Information Commissioner’s Office (ICO) to uncover how long it takes businesses to report incidents, which were most common, and which sectors saw the largest year-on-year percentage change in reported cyber security incidents.
The findings suggest that 14 percent of all incidents are not reported until more than one week after the attack has taken place (the majority of incidents were reported between 24 and 72 hours after the breach – up 26 percent from 2023 – accounting for 51 percent of all reports).
Of the different industrial sectors most vulnerable to a cyberattack, the marketing sector stands out, reporting the largest growth of cybersecurity incidents at 190 percent.
Membership association saw the second largest growth from 2024, with 84 percent more reports at 215. While social care reported 266 incidents in 2024 – up 74 percent in the first three quarters of 2023.
In contrast, the media has reported the largest decrease in cyber security incidents, with 68 percent fewer than in 2023 – down to just 15 reports. Regulators reported 47 percent fewer incidents in 2024, while finance, insurance and credit noted 40 percent fewer.
Which cybersecurity incident had the biggest increase in reports last year?
The survey reveals the following ranking:Phishing
Malware
Ransomware
Brute force
Unauthorised access
Denial of service
The ICO received 3,366 reports of phishing between January 2024 and September 2024 – the equivalent of 12 phishing incidents a day. Compared to 2023, it represents a 64 percent increase in year-on-year phishing incidents.
In second place there were 362 cases of malware. Despite this, it was an 8 percent fall from 2023, where there were 395 malware incidences.
At the other end in sixth place is denial of service, as the ICO was alerted to one occurrence of the attack in 2024, compared to the six reported in 2023.
Venky Sundar, Founder and President of Indusface explains to Digital Journal why cyber security training is so important for businesses: “With data breaches costing businesses an average of $4.45 million globally in the last year, it raises the question of just how critical it is for organisations to provide employees with comprehensive training on what constitutes sensitive data and how they can protect it, as well as what is at stake if they do not adhere to the policies.”
The answer appears to be with improved training and development: “Training doesn’t have to be monotonous, for example setting up phishing email simulators to engage the team and allow them to see the potential dangers in action. These simulations show how quickly and easily attacks can happen, helping employees develop practical, hands-on skills for spotting suspicious activity.”
Cities, at risk from all quarters? — Image by
© Tim Sandle (at the Design Museum, London)
Sundar adds: “Cybersecurity threats evolve constantly, so training should be regular, not a one-time event. Regular training and guidance will ensure that employees receive tailored guidance on securing their work equipment, home offices, use of VPNs, and recognizing the unique threats posed by both in-office and home working environments.”
Sundar adds: “Cybersecurity threats evolve constantly, so training should be regular, not a one-time event. Regular training and guidance will ensure that employees receive tailored guidance on securing their work equipment, home offices, use of VPNs, and recognizing the unique threats posed by both in-office and home working environments.”
No comments:
Post a Comment