The Government Cyber Security Breaches Survey, organised by the Department for Digital, Culture, Media & Sport (DCMS), found that 39% of UK businesses had experienced a cyberattack in the past 12 months.
The study is used to inform government policy on cyber security, aligned with the National Cyber Strategy, and to help make the UK cyber space a secure place to do business, according to the DCMS. The survey was carried out in winter 2021/22 and considers policies, processes, experiences and approaches to cyber security for businesses, charities and educational institutions.
39% of UK businesses had experienced a cyberattack in the past 12 months, the same percentage as last year. The most common cyberattack type was phishing attempts (83%), although of the 39%, around one in five (21%) identified a more sophisticated attack type such as a denial of service, malware, or ransomware attack.
Within the group of organisations reporting cyberattacks, 31% of businesses and 26% of charities estimate they were attacked at least once a week, and one in five businesses (20%) and charities (19%) say they experienced a negative outcome as a direct consequence of a cyberattack.
The average estimated cost of all cyberattacks in the last 12 months was £4,200 – though this figure rises to £19,400 for medium and large businesses. 82% of boards or senior management rate cyber security as a ‘very high’ or ‘fairly high’ priority – an increase of 5% since 2021, while 50% of businesses and 42% of charities say they update the board on cyber security matters at least quarterly.
Following the publication of the latest Government Cyber Security Breaches Survey, the Security Awareness Special Interest Group (SASIG) has underlined the need for improved real-world cyber resilience within businesses.
Martin Smith MBE, Founder and Chairman of The SASIG, said: “It’s clear from these latest Government findings that cyberattacks are very much still an issue for British businesses, small and large. The findings illustrate that the impacts of these attacks are operational and financial, with the estimated cost of attacks in the last 12 months amounting to £4,200 and rising to £19,400 when looking specifically at medium and large businesses. The Government itself admits that these figures are also probably underreported, which is extremely worrying.
“While many businesses are working to prevent such attacks and put plans in place to deal with them when they occur, it is clear more still needs to be done.” Smith added: “Threats are constantly evolving, so having clear and concise cyber security procedures that are respected and adhered to business-wide is key to building robust resilience.