Phishing attacks ‘most common’ cyberattack method

Phishing attempts were the most common attack method identified by UK businesses over the past 12 months.

The study, from the Department for Digital, Culture, Media & Sport, found around one in five - 21 per cent - of these businesses identified a more sophisticated attack type such as a denial of service, malware, or ransomware attack.

Over a third - 39 per cent - of UK businesses identified a cyberattack in the past 12 months according to the report, remaining consistent with previous years of the department’s survey.

Within the group of organisations reporting cyberattacks, 31 per cent of businesses and 26 per cent of charities estimated they were attacked at least once a week.

One in five businesses and 19 per cent of charities said they experienced a negative outcome as a direct consequence of a cyberattack, while 35 per cent of businesses and 38 per cent of charities experienced at least one negative impact.

Looking at organisations reporting a material outcome, such as loss of money or data, the report gave an average estimated cost for cyberattacks in the last 12 months of £4,200.

Considering only medium and large businesses; the figure rises to £19,400 according to the report, which acknowledged the lack of framework for estimating the financial impacts of cyberattacks may lead to underreporting.

The report found around four-in-five - 82 per cent - of boards or senior management within UK businesses rate cyber security as a ‘very high’ or ‘fairly high’ priority, representing an increase of 77 per cent in 2021.

Just under three quarters - 72 per cent - of charities rated cyber security as a ‘very high’ or ‘fairly high’ priority and additionally 50 per cent of businesses and 42 per cent of charities said they update the board on cyber security matters at least quarterly.

Larger organisations are correlated throughout the survey with enhanced cyber security, which the department attributed to increased funding and expertise.

In terms of large businesses’ cyber security; 80 per cent update the board at least quarterly, 63 per cent conducted a risk assessment, and 61 per cent carried out staff training; compared with 50 per cent, 33 per cent, and 17 per cent respectively for all businesses.

    Share Story:

Recent Stories


Bringing Teams to the table – Adding value by integrating Microsoft Teams with business applications
A decade ago, the idea of digital collaboration started and ended with sending documents over email. Some organisations would have portals for sharing content or simplistic IM apps, but the ways that we communicated online were still largely primitive.

Automating CX: How are businesses using AI to meet customer expectations?
Virtual agents are set to supplant the traditional chatbot and their use cases are evolving at pace, with many organisations deploying new AI technologies to meet rising customer demand for self-service and real-time interactions.