Cyber Hygiene: Reflecting on 2024 Progress

Sam Vesey

Technical Director
Sam is an IT and Cyber Security expert, holding a vast array of industry certifications including CCNP, OSCP and CCNA x2.

Sam is certified to Network Professional level and takes ownership of the bzb IT technical blueprint. His primary responsibility is to ensure bzb IT is at the forefront of understanding how SMEs adopt the latest IT in a secure & profitable way.

Firstly, it’s important to identify what is truly meant by ‘cyber hygiene’, as it’s a relatively underused term that is often overshadowed by the wider ‘cyber security’ umbrella. CrowdStrike describes cyber hygiene as ‘the practices computer users adopt to maintain the safety and security of their systems in an online environment’, while suggesting that practising good cyber hygiene helps users & businesses by:

  • Reducing the risks and consequences of cyber attacks.
  • Promoting customer trust.
  • Reducing costs and downtime.
  • Inhibiting unwanted access to systems.
  • Improving the overall security posture.
  • Reducing the likelihood of data breaches.
  • Enhancing productivity and efficiency by minimising interruptions and expenses due to cyber attacks.

Ultimately, cyber hygiene and cyber security fall within the same realm, and businesses should be looking to maximise their efforts across both areas, with cyber security taking the extra steps to further detect and deflect any threats to a business’s operation and data.

Key Findings from the 2024 Cyber Security Breaches Survey

Last year’s ‘Cyber Security Breaches Survey 2024’ (Cyber security breaches survey 2024 – GOV.UK) revealed positive data, showing that businesses across the UK are slowly adopting more basic cyber hygiene approaches. Compared to the results in 2023, the deployment of various controls and procedures has risen among businesses.

Businesses reportedly using up-to-date malware protection saw a 7% increase (up from 76% to 83%), while the number of organisations restricting admin rights also increased by 6% (up from 67% to 73%). Network firewalls saw the largest increase, with a 9% rise in adoption (up from 66% to 75%), while agreed processes for phishing emails saw a healthy 6% increase (up from 48% to 54%).

While these improvements are a positive sign of growing awareness amongst UK businesses, simply sticking to the fundamentals of cyber hygiene can cause longer-term issues for businesses, especially those on the larger end of the SME scale and beyond. Businesses should look at certifications such as Cyber Essentials (& Cyber Essentials Plus) as a great next technical step up in their cyber security efforts. For businesses that have already implemented basic measures like firewalls and malware protection, Cyber Essentials helps ensure these are properly configured and consistently maintained. According to IASME (The Five Core Controls of Cyber Essentials – Secure Configuration – IASME – Home), the five controls of Cyber Essentials are:

  • User Access Control – Ensuring that only authorised individuals can access sensitive systems and data by managing user accounts and restricting access based on roles.
  • Security Update Management – Regularly applying software patches and updates to fix vulnerabilities and ensure systems are protected against known threats.
  • Secure Configuration – Implementing secure configurations for systems and devices to minimise security risks, such as disabling unnecessary services or accounts.
  • Malware Protection – Installing and maintaining anti-malware software to detect and block malicious software that could compromise systems.
  • Firewalls – Setting up and properly configuring firewalls and routers to prevent unauthorised access and secure networks against external threats.

Looking Ahead: What the ‘Cyber Security Breaches Survey 2025’ Report Could Reveal

As we reflect on the progress made in 2024, it’s important to keep an eye on the future. The UK Home Office & the Department for Science, Innovation & Technology have confirmed that the 2025 Cyber Security Breaches Survey is set to be released on the 10th of April at 9:30am (still correct as of 25/03/2025). This report will provide further insights into the state of cyber hygiene and overall cyber security within UK businesses. While the 2024 survey showed encouraging growth, particularly in the adoption of fundamental controls like malware protection and firewalls, the 2025 report could reveal whether these improvements are sustainable and if businesses have continued to evolve their practices beyond the basics.

We can expect to see:

  • Further Increases in Basic Cyber Hygiene Measures / The 2024 report highlighted significant improvements in areas such as malware protection, admin rights restrictions, and phishing processes. The 2025 survey will likely show whether these trends have continued or plateaued, indicating whether businesses are sustaining their efforts or if complacency is starting to set in. With the discussion around cyber security continuing in a positive way, it’s fair to expect an increase in adoption of these basic measures from UK businesses.
  • Expansion to More Security Practices Like Cyber Essentials / As businesses move beyond basic measures, we may see more adoption of certifications like Cyber Essentials and Cyber Essentials Plus. There is some positive data to support this: only last week, IASME revealed on social media that, at the end of 2024, they had issued their 200,000th Cyber Essentials certification, a huge milestone within the scheme.
  • Challenges in Scaling Security Practices / While smaller businesses have been making strides, the wider SME market and larger businesses may face unique challenges in scaling security practices effectively across a growing organisation. The 2025 survey could highlight the areas where larger businesses are struggling and where additional support or resources are needed.
  • The Impact of Emerging Threats / With cyber threats becoming increasingly sophisticated thanks to the ever-growing use of AI technologies, the 2025 report may explore how businesses are adapting to these new challenges.

Conclusion

Looking ahead to the 2025 Cyber Security Breaches Survey, we’ll see if the positive trends in cyber hygiene continue and whether businesses are moving beyond basic measures to adopt more practices like Cyber Essentials. With IASME recently issuing its 200,000th Cyber Essentials certification, it’s clear that businesses are recognising the value of these certifications. As threats grow in sophistication, the need for scalable and robust security will only increase.

At bzb IT, we’re here to support businesses in enhancing their cyber security, from implementing essential controls to achieving Cyber Essentials certification. As a Certification Body for Cyber Essentials and a Cisco Select Integrator & Core Security Specialized Partner, we are well-equipped to help your business stay ahead of emerging threats and maintain a secure environment.
