UK businesses have reported significantly less cyberattacks this year, compared to the last one, or the one before that.
The Department for Digital, Culture, Media and Sport (DCMS) says it surveyed 1,566 businesses to analyse the amount of cyber-related incidents in business, and came to the conclusion that 32 per cent of businesses identified a data breach, less than the 43 per cent from 2018, or 46 per cent from 2017.
There are multiple factors that could be causing this drop in cyberattacks, the DCMS says, including businesses investing more money in cybersecurity, better compliance (enforced by the GDPR), or even changes in how the attacks behave.
One of the examples the report gives is that these attacks could be focusing on a smaller number of businesses, instead of casting a wide net. Businesses that used to report being attacked two times in a year, now report being attacked six times.
The victim businesses claim that they’re mostly targeted by phishing attacks (80 per cent), followed by viruses, spyware and malware.
Ken Munro of Pen Test Partners said there are too many variables to make the findings conclusive.
"Are the number of antivirus reports down because organisations (rightly) don't consider them to be attacks/breaches or incidents? Or is it because the antivirus products aren't detecting the types of malware that are being used now?"
“Without analysing the quality of phishing attacks, the data is also meaningless. Are untargeted phishing attempts being filtered out upstream?”
"I don't think anything can be concluded from the report other than that 'cyber stuff is still happening and some businesses are taking it more seriously'."