Cyber Security Breaches Survey Logos: Ipsos, the UK Government, the Charity Commission for England and Wales, the Confederation of British Industry (CBI), the Association of British Insurers (ABI)

Cyber Security Breaches Survey 2023

This page gives you definitions for some terms used in some of the questions in the survey. During the interview the interviewer will also help to explain any of these terms if needed.

Health checks
Health check activities might include things like staff surveys, security assessments or vulnerability scans. Business-as-usual checks would be activities like this that are undertaken no a scheduled basis, e.g. annually. Ad-hoc checks will be the same kinds of activities but just undertaken as a one-off, e.g. in response to an attack.
Cyber security
Cyber security includes any processes, practices or technologies that organisations have in place to secure their networks, computers, programs or the data they hold from damage, attack or unauthorised access.
Cloud computing
Cloud computing uses a network of external servers accessed over the internet, rather than a local server or a personal computer, to store or transfer data. This could be used, for example, to host a website or corporate email accounts, or for storing or transferring data files.
Data classification
This refers to how files are classified (e.g. public, internal use, confidential etc).
Document Management System
A Document Management System is a piece of software that can store, manage and track files or documents on an organisation’s network. It can help manage things like version control and who has access to specific files or documents.
Externally-hosted web services
Externally-hosted web services are services run on a network of external servers and accessed over the internet. This could include, for example, services that host websites or corporate email accounts, or for storing or transferring data files over the internet.
Intellectual property
Intellectual property (IP) refers to the ideas, data or inventions that are owned by an organisation. This could, for example, include literature, music, product designs, logos, names and images created or bought by the organisation.
Malware (short for “malicious software”) is a type of computer program designed to infiltrate and damage computers without the user’s consent (e.g. viruses, worms, Trojan horses etc).
Managed Service Provider (MSP)
A supplier that delivers a portfolio of IT services to business customers via ongoing support and active administration, all of which are typically underpinned by a Service Level Agreement. A Managed Service Provider may provide their own Managed Services, or offer their own services in conjunction with other IT providers’ services.
Penetration testing
Penetration testing is where staff or contractors try to breach the cyber security of an organisation on purpose, in order to show where there might be weaknesses in cyber security.
Personally-owned devices
Personally-owned devices are things such as smartphones, tablets, home laptops, desktop computers or USB sticks that do not belong to the company, but might be used to carry out business-related activities.
Phishing or social engineering
Fraudulent attempts to extract important information, such as passwords, from staff or to install malware, such as viruses, through downloads.
A type of malicious software designed to block access to a computer system until a sum of money is paid.
Removable devices
Removable devices are portable things that can store data, such as USB sticks, CDs, DVDs etc.
Restricting IT admin and access rights
Restricting IT admin and access rights is where only certain users are able to make changes to the organisation’s network or computers, for example to download or install software.
Risk assessment covering cyber security risks
This is the process of identifying and controlling any cyber security threats to an organisation’s data.
Smart devices
Network connected devices, like personal assistants, locks, alarms, or thermostats
Threat intelligence
Threat intelligence is where an organisation may employ a staff member or contractor, or purchase a product to collate information and advice around all the cyber security risks the organisation faces.
Two-Factor Authentication
Two-Factor, or Multi-Factor, Authentication is an electronic authentication method in which a user is granted access to a network or application only after successfully presenting two or more pieces of evidence to an authentication mechanism (e.g. a password and a one-time passcode).