Cyber security breaches report
Every year the government conducts a study into cyber security of UK businesses. The latest study from the Department of Culture, Media & Sport saw 1523 businesses surveyed about their approach to cyber security, and the attacks that they’d seen in the last year.
This number was made up of:
- 506 micro firms with 2-9 employees
- 479 small firms with 10-49 employees
- 363 medium firms with 50-249 employees
- 175 large firms with 250+ employees
The survey documented some interesting findings about cyber security. Of the businesses surveyed, 46% had experienced a cyber security breach in the last 12 months. When broken down, the numbers show that 45% of micro/small businesses, 66% of medium businesses and 68% of large businesses had experienced at least one cyber security breach. In fact, the median number of breaches experienced by small, medium and large business was two, four and eight respectively.
There were a number of different types of breaches, but by far the most common type of attack was email. Staff receiving fraudulent emails accounted for 72% of the total number of breaches. 33% of the breaches were classified as viruses, spyware or malware, and ransomware accounted for 17%. Read our blog on how to keep your inbox safe from spam emails.
The cost of cyber attacks
These breaches come with a significant cost to the business. Through lost/stolen customer data, or resource lost by time taken to recover from the attack, the average cost of security breaches to micro/small businesses was £1,380 in the last 12 months. For medium businesses this figure rose to £3,000 and for large businesses where the median number of breaches was a lot higher, the average cost of security breaches was £19,600.
19% of businesses who experienced a breach said that it took more than a day for the business to restore all business operations. 33% of small businesses had to use additional staff time to deal with the breaches, and 23% said the breaches stopped staff from carrying out their day-to-day work. Even still, 26% of UK businesses say senior managers consider cyber security to be a low priority.
Of those who consider it a low priority, over a third (37%) say the main reason for that is they don’t consider cyber security to be relevant to their organisation. However, 35% of those suffered a security breach of some kind in the last year.
‘It doesn’t affect us’
That being said, 26% of small businesses surveyed said that they have no cyber security measures in place. Of those, 39% think they are too small or insignificant for cyber security, and astonishingly 22% think they have nothing of value to attackers.
Cyber security and the cloud
The survey also found an increase in the adoption of cloud computing among UK businesses. Seeing a 10% increase on last year, 59% of businesses use some sort of externally-hosted web service. 60% of these businesses store commercially confidential information in the cloud, and over half (55%) store customer’s personal data on the cloud. Interestingly in the financial sector, these numbers increase to 69% and 67% respectively. 90% of businesses in the financial industry treat cyber security as a high priority. This shows that businesses for whom cyber security is important are far more likely to adopt an external cloud solution to host their data.