Cyber Security Longitudinal Survey (Wave 3 Publication )


The Cyber Security Longitudinal Survey (CSLS) helps us better understand cyber security policies and processes within medium and large businesses and high-income charities. It explores the links over time between these policies and processes and the likelihood and impact of a cyber incident.

As this is the third year of this longitudinal study, this report is now able to track some movement over time amongst organisations. In particular, the report shows some interesting findings regarding the various directions of cyber resilience journeys amongst medium and large businesses and high-income charities.

Here are some key findings:

1. Organisations have improved their cyber resilience since the first year of the CSLS. However, between years two and three, their resilience profiles have largely remained stable. This may be explained by organisations’ shifting budgets and priorities, resulting in less investment in cyber security.

2. Most organisations have experienced a cyber security incident over the last 12 months (75% of businesses and 79% of charities). This is comparable with previous years of the CSLS.

3. Most organisations did not experience any serious consequences following cyber security incidents, in line with previous years. Only 23% of businesses and 24% of charities who experienced an incident reported an associated negative impact, most of which were short-term.

4. The longitudinal analysis reveals that organisations’ pathways of cyber resilience are not unidirectional. Across two years of participation in the CSLS, some organisations lowered their resilience level, others improved their cyber security, and many remained at stable levels.

5. Over a third of businesses (38%) and a third of charities (36%) report having at least one cyber security certification(Cyber Essentials, Cyber Essentials Plus or ISO 27001). This is consistent with Wave Two, but has increased from Wave One

6. There is a general trend of increasing board engagement with cyber security.

Access the full report here