- CybSafe analysed data from the UK’s Information Commissioner’s Office from July to December 2021, having previously analysed H1 data
- Health and education remain the most vulnerable sectors, accounting for 34 percent of security incidents in 2021, up 1 percent from 2020.
- Education incidents rose slightly compared to the first half of the year, despite many students returning to in-person teaching
Canary Wharf, London, 4th May 2022 – Health, education, retail, and manufacturing sectors continue to be particularly vulnerable to cyber attacks and data breaches, according to analysis of recently released 2021 ICO data by cyber security awareness and data analytics company, CybSafe.
CybSafe analysed data from the Information Commissioner’s Office (ICO) – the UK’s independent body upholding information rights – following its previous analysis of ICO data for the first half of 2021 to discover the details behind the UK’s cyber security breaches throughout the entire calendar year.
While health and education remain particularly vulnerable to data breaches, the retail and manufacturing sector suffered twice as many cyber attacks as either sector, accounting for 20 percent of attacks overall in H2 of 2021.
Statistics within the retail and manufacturing industry also highlight a more general trend. The sector saw an increase in ransomware attacks, accounting for 27 percent of all attacks in 2021, up from 23 percent in 2020. In contrast, phishing attacks declined, falling from 31 percent in 2020 to 26 percent in 2021. This marks the first-time ransomware attacks have superseded phishing within the sector. Throughout 2021, ransomware saw a notable rise, accounting for 30 percent of attacks between July and December, up from 24 percent between January and June.
While the ICO data highlights phishing as the most common form of attack at just under 30 percent, ransomware continues to be an increasing threat to every sector.
As sectors adapt to life post-pandemic, the education sector is a prime example of how the cyber security landscape has changed for good. ICO 2021 data shows ransomware attacks increased to 22 percent (up from 19 percent), suggesting the trend is not subsiding despite children returning to the classroom. The sector saw a steep rise in ransomware attacks mid-way through 2020. They accounted for 26 percent of attacks in the first half of 2021 compared to just 11 percent in the previous year.
Oz Alashe, CEO of CybSafe, said:
“The ICO data tells a clear story. The pandemic saw a steep rise in ransomware attacks. With important sectors such as education and healthcare seeing a sustained level of cyber threats throughout the last year, we need to go beyond standard security training practices.
“To embody a security-first culture, the human aspect of cyber security shouldn’t be underestimated. If we want to invoke genuine behaviour change, the first step is to appreciate individuals responding differently to threats, and personalisation is crucial to building an authentic security-first culture.
“Appreciating differences in teams means you can deliver tailored security initiatives. The result is greater employee confidence, changes in security behaviour, and ultimately a defence against such malicious threats that will only grow in importance over the coming years,” Alashe concluded.
— ENDS —
CybSafe is a behavioural science and data analytics company that builds software to help organisations manage human cyber risk. The CybSafe software platform tracks and measures security behaviour to improve security controls and awareness activities. It delivers instant, personalised support for users and enables security teams to reduce risk in changing environments. CybSafe is being used by over 350 organisations, in 15 countries and is accredited by NCSC and CIISec.
CybSafe delivers the annual PeepSec summit, an official London Tech Week event and the UK’s first event focused on the people, culture, and social aspects of cyber security.
For more information, please visit www.cybsafe.com
+44 208 819 3170