Proposed changes to the Cyber Security Breaches Survey (CSBS)
Executive summary
Of the proposed options, AAT suggests retaining the CSBS in its current format (including an annual update to the questions to meet user needs).
A separate longitudinal large business survey to try to identify causal links between organisational behaviours and breaches is not likely to be of significant help in tackling cyber security threats given large businesses already have the resources to cope with such threats and to undertake their own research.
Discontinuing the CSBS to be replaced by a longitudinal survey would not be helpful either given DCMS would be swapping one problem for another, ie difficulties arising from surveying large pools of respondents who vary from year to year to utilising the same people from year-to-year but only in relatively small numbers.
A large cohort of respondents is likely preferable to identify threats and trends. AAT would also like to stress the importance of having a strong focus on the small business community given they are subject to over 65,000 cyberattacks a day and most do not have the level of awareness, understanding or resources as their larger peers, and similarly most do not have any form of cyber insurance.
Related consultation responses
Cyber security incentives and regulation review 2020
Our members want us to provide cyber security help, especially on identifying threats. The Cyber Security Skills Strategy is welcome but should go further.
Draft guidance on digital identity
AAT supports digital identity and electronic verification in the client onboarding process to help combat money laundering and terrorist financing.
