View all newsletters
Receive our newsletter - data, insights and analysis delivered to you

Most UK businesses unaware of government cybersecurity support

Awareness of UK government schemes to improve cybersecurity support has barely increased in five years, new survey reveals.

By Afiq Fitri

Most UK businesses are unaware of government initiatives to help support and improve their basic cybersecurity practices, new survey data revealed today, and few adhere to its certification schemes. Julia Lopez, the minister of media, data and digital infrastructure, called on businesses to “take cybersecurity seriously” in response to the findings.

UK government cybersecurity support
Some smaller organisations report that cybersecurity certification is costly and complex, according to the Cyber Security Breaches survey. (Photo by Carl Court/Getty Images)

Just three out of ten businesses surveyed have heard of the government’s Cyber Aware email security programme, according to the government’s latest Cyber Security Breaches survey. This proportion has crept up from 21% in 2017. The programme encourages businesses and citizens to improve email security by using strong passwords and two-step verification.

Fewer than 20% are aware of the 10 Steps and Cyber Essentials programmes. The 10 Steps initiative offers advice on a wide range of cybersecurity issues, ranging from identity and access management to collaborating with third-party suppliers and partners on cybersecurity. Cyber Essentials is a more formal certification scheme, in which businesses can conduct self-assessments to understand their cyber posture and identify any gaps in their defences.

Unsurprisingly, given this limited awareness, a small minority of organisations surveyed have undertaken the Cyber Essentials certification (6%) or the Cyber Essentials Plus scheme which includes an external technical assessment (1% of businesses), the survey shows. Global cybersecurity standard ISO 27001 and payment card data standard PCI DSS are more widely adopted, the survey shows, but still by a minority of respondents.

Respondents to the survey reported a variety of challenges in implementing these cybersecurity standards. Some smaller businesses and charities find that compliance with these standards is too costly and, in the absence of a dedicated cybersecurity or IT team, too complex.

Larger organisations, meanwhile, struggle with implementing standards and accreditations due to the higher number of service users. For example, cybersecurity coordinators for a university found it difficult to conduct technical assessments due to the “large number of service users using personal devices," the survey found. 

“It is vital that every organisation takes cybersecurity seriously as more and more business is done online and we live in a time of increasing cyber risk,” said Lopez. “No matter how big or small your organisation is, you need to take steps to improve digital resilience now and follow the free government advice to help keep us all safe online.” 

Content from our partners
Green for go: Transforming trade in the UK
Manufacturers are switching to personalised customer experience amid fierce competition
How many ends in end-to-end service orchestration?

Read more: NCSC issues new warning on Russian software in UK tech supply chains

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.