This is interesting (it’s the survey mentioned in the previous post), as most surveys about breaches that you see are about US companies, whereas this one is about the UK.

The sample size is quite good (1,419 businesses, 487 charities).

The main takeaway for me is that phishing represented 80% of ‘attacks’ but:
* Only 20% of businesses and 14% of charities offer employees security awareness training to protect against phishing
* Around half of businesses and charities have ‘an agreed process around phishing attacks’

39% of the businesses and 26% of charities ‘reported cyber attacks or breaches in the last 12 months’, of which around 20% resulted in a ‘loss of money, data or other assets’ ==> 8% of businesses polled were adversely affected by a cyber attack.

20% of businesses reported having laptops with unsupported versions of Windows (pre-Windows 8.1)!!! Those machines are very vulnerable.