ICAEW.com works better with JavaScript enabled.

Cyber round-up: April 2024

Author: ICAEW Insights

Published: 30 Apr 2024

Our latest round-up of cyber news and insights features some of the key findings from recent government research on the UK’s cyber resilience, and the big stories from the past month.

More businesses are prioritising cyber security – but not enough

The National Cyber Security Centre (NCSC) published its 2024 Cyber Security Breaches Survey earlier this month. The survey found that more businesses have been putting basic security measures in place than last year. 

More large businesses and charities are training their staff and three-quarters of businesses say cyber security is a high priority for their senior management. This is lower than previous surveys from 2019 onward excluding last year. This decline seems to be primarily driven by micro-businesses and the effects of the pandemic.

Cyber insurance uptake has increased, but 19% of businesses and 18% of charities did not know if their employer has any form of cyber security insurance, despite the survey being carried out with the individual identified by the organisation as having most responsibility for cyber security.

Training and awareness sessions on cyber in medium and large organisations had continued to increase, but smaller and micro-businesses were slower in providing these sessions. There is also a declining awareness of the free resources provided by the NCSC, such as its Cyber Aware campaign and Cyber Essentials scheme. 

Boards engaging more with cyber

The Department for Science, Innovation and Technology also published its Cyber Security Longitudinal Survey in late March. It found that:

  • While board engagement with cyber risks and training continues to increase in large and medium businesses, this improvement was most evident in organisations with a lower cyber resilience. 
  • Organisations with a stronger cyber resilience were adhering to some standard or accreditation. At present this is only 35% of medium businesses, 47% of large businesses and 36% of high-income charities. 
  • The proportion of firms conducting supplier risk assessments had also increased, in line with the trends that ICAEW has been flagging in its cyber round-ups throughout the past year as a key recommendation. 
  • Investment in cyber security had remained stable or had reduced, though the survey also notes that relative resilience had increased. 

This survey and the NCSC report point to organisations continuing to invest in cyber security despite economic conditions, but that awareness of available resources is in decline. It is important that members continue to flag the importance that employee awareness will have in mitigating threats. 

Phishing emails continue to be the most common method of hacking and can only be combated with critical thinking – employees need to be given the right support to help identify potentially fraudulent emails. 

Updated Cyber Assessment Framework

The NCSC has also published its revised Cyber Assessment Framework (CAF) to improve its alignment with the Cyber Essentials scheme by mirroring some of the requirements. Some limited aspects of AI-related cyber risk are reflected in the framework sections covering automated functions and automated decision-making technologies and the NCSC is continuing to monitor the impact of AI in more detail to inform future iterations of the CAF.

A near miss?

On 29 March, a Microsoft engineer noticed that a tool for logging into remote machines was much slower than usual. He discovered that a software package called XZ Utils (a critical utility for compressing and decompressing data on Linux) had been compromised, via a backdoor being built into the software. Linux, and by extension XZ Utils, is the backbone operating system for most of the publicly accessible internet servers globally. 

XZ Utils is an open-source piece of software, meaning that its code is publicly available. Updates are made by groups of unpaid software engineers. This was a supply chain attack designed to make backdoors for unauthorised access into the guts of our networked world. The malicious contributor in question made themselves the contact for code testing and opted to remove a test that would have caught their insertions. 

However, it should be noted that XZ Utils is a large open-source project, so identification was reliant on the large community involved. Most open-source projects are much smaller, and these sorts of malicious insertions might be occurring without community members noticing. There is an incoming update for these open-source projects to see who new contributors are, and whether older contributors are performing things differently. 

A lot of modern networks are reliant on open-source software, and these are particularly susceptible to having malicious code inserted. When conducting third-party risk assessments and due diligence it is vital that these systems be identified. 


In mid-April the police announced that they had taken down a gang which was providing cloud-based software for scammers, a business model that has been coined as “Phishing-as-a-Service”, named LabHost. These included tools which: 

  1. Let users design and launch their own scam campaigns designed to trick people into handing over sensitive information.
  2. Hosting phishing pages, web pages designed to look like legitimate websites for banks, postal services, insurers and others also designed for gaining access to sensitive information. 
  3. More specialised tools for adversary-in-the-middle attacks, a method to insert an attacker between the communications of two parties such that these communications go through them. 

It has been reported that LabHost had 2,000 paying customers, who used these services to defraud hundreds of thousands of victims. Investigators have seized more than 800 LabHost customer emails and arrested 37 people globally.

This ultimately shows how sophisticated and organised bad actors are becoming. Cybercrime is becoming increasingly like modern businesses, with service-driven providers like LabHost and LockBit (which was taken down earlier this year). It is also increasingly automated, as we have seen with scams involving AI-generated email text and deepfakes of senior leaders. This ecosystem is also becoming very resilient, with LockBit seemingly back in operation after only a few days of law enforcement action. 

Members will need to be ever vigilant; this is the new normal and we will need to adapt to hostile actors as they continue to adapt.

ICAEW Manifesto

ICAEW sets out its vision for a renewed and resilient UK, drawing on insights and expertise from its members.

Manifesto 2024: ICAEW's vision for a renewed and resilient UK

Recommended content

Keep up-to-date with tech issues and developments, including artificial intelligence (AI), blockchain, big data, and cyber security.

Keep up-to-date with tech issues and developments, including artificial intelligence (AI), blockchain, big data, and cyber security.

Read more
ICAEW Community
Data visualisation on a smartphone
Data Analytics

Helping finance professionals develop the advanced data analytics and visualisation skills needed to succeed in this insight-driven era.

Find out more
latest cyber security articles
Open AddCPD icon

Add Verified CPD Activity

Introducing AddCPD, a new way to record your CPD activities!

Log in to start using the AddCPD tool. Available only to ICAEW members.

Add this page to your CPD activity

Step 1 of 3
Download recorded
Download not recorded

Please download the related document if you wish to add this activity to your record

What time are you claiming for this activity?
Mandatory fields

Add this page to your CPD activity

Step 2 of 3
Mandatory field

Add activity to my record

Step 3 of 3
Mandatory field

Activity added

An error has occurred
Please try again

If the problem persists please contact our helpline on +44 (0)1908 248 250