The number of UK businesses succumbing to a cyber-attack has doubled in the last five years, claims specialist business ISP Beaming
Its Five Years in Cyber Security report reveals that 1.5 million UK businesses, 25% of the total, were victims of cyber-crime in 2019, up from 755,000 (13%) in 2015.
As in previous years, large businesses (250+ employees) were at greatest risk, with 87% falling victim to crime last year. However, the steepest rise was in small businesses, with 62% of firms with 11-50 people being hit in 2019, up from 28% in 2015.
Beaming estimates the total cost of cyber security breaches over the last five years, from damaged assets, financial penalties and lost productivity, to be more than £87 billion.
Sonia Blizzard, Managing Director of Beaming, said: “The threat has grown astronomically over the last five years. What used to be seen as a big business problem has become a serious concern for every company director, manager and IT professional out there. Small businesses are now on the front line in the war against cybercrime. But they haven’t invested in cyber security or employee education at the same rate as their larger counterparts and they are easier targets as a result.”
The research shows that although more companies are taking measures against cyber-crime, overall rates are very low. In 2015, 5% of businesses had a cyber security policy; that figure is now 9%. In 2015, 30% of businesses had a firewall at the network perimeter; that figure is now 37%. In 2015, 20% of businesses put in place employee training and awareness-raising measures; that figure is now 22%.
The research also reveals that:
*Concern about cyber-crime has grown among senior business leaders over the last five years. More than one fifth of small (20%), medium (24%) and large companies (36%) now discuss a range of cyber threats at board level. The proportion of businesses taking additional steps to mitigate a range of cyber-risks has increased from 16% in 2015 to 37% last year;
*Malware continues to be the biggest concern for business leaders, with 45% now taking additional measures to combat it (up from 26% in 2015). Hacking and password attacks, where criminals use scripts that try a wide range of possible password combinations, were also big concerns;
*Phishing is now the type of attack most likely to hit businesses. In 2019, Phishing was the most common form of successful attack on every size of business – with the exception of micro companies, where 1% more fell victim to malware (although in 2018 phishing was also by far the biggest threat to micros too). The proportion of businesses hit by phishing attacks has grown by 50% in five years, from 6% in 2015 to 9% in 2019.
*Staff members were responsible for breaches in more than a third of cases, either through malicious intent, neglect or genuine mistakes. Business leaders held employees accountable for 37% of breaches in 2015, and 36% in 2019.
*Beaming’s research indicates that almost two-thirds (61%) of UK businesses have minimal levels of cyber security defences in place, relying on anti-virus software and basic router protection to keep them safe.