Due to 73% of organisations in the UK stating that ransomware attacks affected them in 2022, Phoenix conducted a survey into the housing sector to understand how underprepared UK housing associations are from cyber security threats. With support from the NHF, its findings revealed that housing associations are particularly at risk from ransomware, data breaches, and retention of skilled IT professionals.

Other insights in ‘The State of Cyber Security in Housing 2023’ include:

• With only 4% of housing associations feeling the sector is fully prepared for a ransomware attack, it’s obvious that this is a particular weak spot within the industry that they feel needs rectifying. Coupled with the recent rise of identified ransomware attacks on organisations (15% increase since 2022), it’s crucial that housing associations put appropriate measures in place to protect their organisation and those they serve.
• One of the biggest consequences of any attack for housing associations, due to the vast amounts of sensitive and confidential information held by them, is a data breach. From the findings, Phoenix discovered that almost half of the housing sector believes they’re unprepared for a data breach.
• In the event of a successful cyber attack or data breach, it’s crucial for organisations to be able to respond and recover from the incident. Currently, only a third of housing associations feel the sector is fully prepared for incident response, meaning the majority feel they’d struggle to handle and mitigate the impact of a cyber security incident.
• A common problem across the public sector is its ability to recruit and retain appropriately skilled cyber security professionals and this is no different in the housing sector.
• Almost half of the sector feels that they are unprepared for recruiting and retaining cyber security staff, resulting in them struggling to effectively manage risks internally.
  Our findings found that a third of housing organisations are underprepared for promoting strong security education and awareness behaviours. This could be due to limited resources, time constraints, and varying levels of technical proficiency among staff members.
• Almost half (46%) of housing associations are underprepared for disaster recovery
• 73% of organisations in the UK stated that ransomware attacks affected them in 2022

A spokesperson for Phoenix said: “Housing associations often have all the right policies and processes, however with cyber security there is a greater need to do these things really well and consolidate the ‘organisation and technical’ measure so that they are effective and manageable for fairly small technical teams. We think managed EDR (MDR) or SOC functions will be necessary in the future.

“An organisation that is more worried about the disruption of implementing cyber security configuration and policies than the risk of disruption from a successful cyber attack, will inevitably suffer an attack. The leaders have to be sold on the risks and the IT team be able to effectively implement change for the purposes of greater security.”