Around half of the UK’s businesses had no security policies in place in 2020 – fewer than in 2019.
According to a report by the Department for Digital, Culture, Media and Sport (DCMS), the proportion of businesses and charities using security monitoring tools fell from 40 per cent in 2019 to 35 per cent in 2020.
At the same time, the number of organisations using up-to-date antivirus software dropped from 88 per cent to 83 per cent.
Only 52 per cent of businesses and 47 per cent of charities used one or more cyber security measure last year, such as conducting risk assessments and audits, penetration testing or investing in threat intelligence.
This decline in overall cyber resilience coincided with a steep rise in security risks due to the pandemic when phishing and ransomware attacks soared.
The DCMS also found 39 per cent of businesses and 26 per cent of charities reported security breaches or cyber-attacks during 2020, with factors like remote working making securing IT environments more challenging.
Big organisations in particular found dealing with hardware and software changes more difficult than most because of the sudden surge in the number of endpoints they had to manage.
The Cyber Security Breaches Survey 2021 findings, issued by the DCMS, also show that cyber-attacks have evolved and become more frequent. Since 2017 there has been a rise in businesses experiencing phishing attacks, from 72 per cent to 86 per cent, but a fall in viruses or other malware from 33 per cent to 16 per cent.
Gary Jowett, from Computer & Network Consultants (CNC) in Brighton, said: “The lockdowns we’ve experienced were a recipe for disaster among businesses and charities, many of whom haven’t been prepared for the higher level of exposure to hackers that remote working brings – and the impact it has on maintaining corporate security policies and standards. That is why having robust training and security policies in place is vitally important. For small and medium sized businesses, who may be concentrating on sales and servicing, security may be best maintained if it’s supported by an independent third party who can ensure it isn’t neglected at the expense of other priorities.”