In 2021, fewer charities are reporting violations or attacks they affected (40% versus 56% in 2020) - a statistically significant change, unlike businesses. Specifically, only 24% this year said they need new measures for future attacks, up from 42% in 2020. This brings the results of charitable activities closer to the results of 2019.
New categories being considered for the first time this year - mock phishing, vulnerability auditing, and penetration testing - are also relatively rare, occurring in about one to two in ten organizations. Although the survey asked about audit in previous years, a significant change in the wording of the question means that this result is not comparable to previous years.
The driving force behind all of these changes has typically been business continuity to keep employees on the job, not cybersecurity. However, in some organizations, senior management emphasis on service continuity at the start of the first UK lockdown has allowed cyberleaders to drive increased investment in IT and cybersecurity.
In a separate survey, organizations were asked whether they admit they adhere to Cyber Essentials or Cyber Essentials Plus standards. Both are asking organizations to implement cybersecurity measures in the same areas, but the latter includes an external technical assessment. Only a small minority of businesses - 4% and 4% of charities report adherence to Cyber Essentials, and only 1 percent in each case say they have Cyber Essentials Plus. For large enterprises, this rises to 29% for Cyber Essentials and 9% for Cyber Essentials Plus.
However, the situation is different for businesses that report breaches or attacks with a significant impact. In these cases, it takes a day or more to restore a third (34%) of enterprises (versus 10% of enterprises with any disruptions or attacks, including those that were unsuccessful). For charities, the picture is broadly similar, although the sample of charities reporting violations or results is too small.
Privacy has never been such a hot topic. Businesses and individuals are demanding more control over their privacy and navigating the new unknown through hybrid and flexible telecommuting, with the uncertain pathways of how trust and security work hand in hand. National Computer Safety Day, celebrated on November 30, is based on raising awareness of cybersecurity and online security issues by allowing people to take responsibility for their online presence and identity. As the day draws closer, how can a deeper understanding of pain points, pressure points, and vulnerabilities help improve the user experience online? Consent to data can enrich our digital experience. The positives of data cannot be ignored: we consume the content chosen by the algorithm, selected for us in our news feeds, and quite often we view those advertisements that are aimed at us. None of this would be possible without tracking cookies and collecting data.
But it's not just sunshine and roses. Human perception of web tracking is often negative and is often associated with marketing use and e-commerce optimization. There are enough questions related to the use of our data on the Internet that even the most level-headed people are not smart enough.