Key takeaways from the PwC and NCSC cyber security reports
The UK National Cyber Security Centre (NCSC) reports that ransomware continues to be the number one choice for cyber criminals in business exploitation
We analysed the NCSC Annual Review in addition to PwC’s 2022 Cyber Security Strategy Survey of Business and Technology Leaders. Both remind us of a number of key themes for businesses and their cyber resilience. One recurring theme remains and is still growing: ransomware.
- The 2021 cyber security review conducted by the NCSC revealed that in the first four months of 2021, the NCSC handled the same number of ransomware incidents as for the whole of 2020 – which was itself a number more than three times greater than in 2019
- The rapid rise in ransomware attacks is proving a highly lucrative business model for cyber criminals. As a business owner, you must consider when, not if, you may become a victim of cyber crime
The increase in reported attacks may be partly due to the number of firms starting to report them in line with regulations such as GDPR. Nonetheless, ransomware remains a profitable revenue stream for criminals.
- UK organisations predict a further 61% increase in ransomware incidents during 2022
- From a return on investment (ROI) point of view for the cyber criminal, this is a low-risk, high-return investment
- As the cyber security industry develops responses to ransomware attacks (typically reactively), cyber criminals adapt to the changing landscape of cyber protection processes, developing even more sophisticated approaches to increase their ROI
PwC have made the point that whilst cyber criminals are ensuring they get good returns, organisations are failing to maximise the ROI of their security investments. It’s a point we fully agree with. Many firms procure security software or other services relatively blindly. Throwing money at the problem with a single-fix solution is not the ideal strategy.
The best approach is to conduct a cyber security risk assessment to first understand what key risks and gaps exist. Any investment in time or money should be spent on those key risks and gaps, otherwise the real risks are not being addressed. No risk assessment, no return on investment.
“While 37% of UK respondents said they had implemented cloud security at scale, just 18% are fully realising the benefits of their investment… To overcome this challenge and build greater confidence in their security investments, organisations must improve their cyber risk modelling and analysis. This ensures increases in cyber budgets are allocated to priority risks and help build long-term resilience.”
To ensure a customised approach to cyber security management for the SME, it is essential to apply an ongoing risk approach that evolves with your growing business and the changing landscape of cyber-attacks. A consultative service can provide a continuously updated solution for your business, one that doesn’t overwhelm your budget and offers realised returns on investment in reducing the key cyber risks.
NCSC annual review 2021:
Kloudwerk works with you to help you keep the cyber criminals out. We offer affordable risk-based cyber security consultancy packages for business customers. Please visit our Cyber Consultancy page for more information