Phishing attempts were the most common attack method identified by UK businesses over the past 12 months.

The study, from the Department for Digital, Culture, Media & Sport, found around one in five - 21 per cent - of these businesses identified a more sophisticated attack type such as a denial of service, malware, or ransomware attack.

Over a third - 39 per cent - of UK businesses identified a cyberattack in the past 12 months according to the report, remaining consistent with previous years of the department’s survey.

Within the group of organisations reporting cyberattacks, 31 per cent of businesses and 26 per cent of charities estimated they were attacked at least once a week.

One in five businesses and 19 per cent of charities said they experienced a negative outcome as a direct consequence of a cyberattack, while 35 per cent of businesses and 38 per cent of charities experienced at least one negative impact.

Looking at organisations reporting a material outcome, such as loss of money or data, the report gave an average estimated cost for cyberattacks in the last 12 months of £4,200.

Considering only medium and large businesses; the figure rises to £19,400 according to the report, which acknowledged the lack of framework for estimating the financial impacts of cyberattacks may lead to underreporting.

The report found around four-in-five - 82 per cent - of boards or senior management within UK businesses rate cyber security as a ‘very high’ or ‘fairly high’ priority, representing an increase of 77 per cent in 2021.

Just under three quarters - 72 per cent - of charities rated cyber security as a ‘very high’ or ‘fairly high’ priority and additionally 50 per cent of businesses and 42 per cent of charities said they update the board on cyber security matters at least quarterly.

Larger organisations are correlated throughout the survey with enhanced cyber security, which the department attributed to increased funding and expertise.

In terms of large businesses’ cyber security; 80 per cent update the board at least quarterly, 63 per cent conducted a risk assessment, and 61 per cent carried out staff training; compared with 50 per cent, 33 per cent, and 17 per cent respectively for all businesses.

Share Story: