Four in ten UK businesses were victims of cyber security breaches or cyber attacks in 2020/21, according to the Department for Digital, Culture, Media & Sport. This figure leaps up to two thirds amongst medium and large businesses.
Of those hit, one in five lost money, data or other assets while a third found their businesses disrupted or otherwise negatively affected. Where money was lost, figures typically landed in the tends of thousands.
More alarming is the frequency of attacks. Half of affected businesses report that they suffer cyber attacks monthly and a quarter suffer them weekly. Worryingly, the rates of attacks are increasing: in 2017, 37% of affected businesses only suffered one attack; in 2021, this figure has fallen to 19%.
With more of work than ever taking place largely or entirely within a virtual environment, UK businesses are stuck in an arms race between their cyber security measures and determined hackers who grow more active every year.
Phishing (fraudulent emails designed to trick recipients into opening a malicious link) alone accounts for around 80% of reported cyber security attacks. Half of businesses did not experience any other type of cyber security attack over the period surveyed.
While the prevalence of other types of cyber attacks have decreased over time as businesses have become more cyber-aware, phishing has risen by more than 10% in just four years. This trend is expected to continue as remote work becomes more widespread.
The relentless assault of phishing attacks on UK businesses highlights the importance of staff training in how to identify a phishing email. A successful phishing attack is often step one in a plan involving serious cyber attacks utilising malware or ransomware, which were reported by 9% and 7% of affected businesses respectively.
The move to widespread remote working as a response to the COVID-19 pandemic and greater general reliance on virtual business environments has made cyber security more difficult for businesses to implement.
In 2021 there has been an across-the-board drop in the use of cyber security measures, with fewer businesses reporting the use of up-to-date malware protection or security monitoring.
Security monitoring shows especially poor uptake, implemented by only a third of UK businesses. Use of other cyber security essentials showed equally worrying figures, with risk assessments at 34%, mock phishing exercises at 20% and penetration testing at just 9%.
All figures significantly improve amongst medium and large businesses, leaving smaller businesses (the majority of which did not change cyber security policies when they shifted to remote working) most vulnerable to cyber attacks.
With the shift to flexible and remote working likely to remain after pandemic measures have been lifted, it is vital that UK businesses overcome the challenge of keeping cyber security up to date in remote working environments where equipment cannot be easily accessed.
To respond to increasing threat that cyber attacks pose to the security of UK businesses, Magenta Security have lunched Threat Evolution, a new specialist cyber security division offering staff training, cyber security assessments and ongoing consultation.
Like all our other security services, our cyber security packages are bespoke to the needs of your business, allowing you to tailor your level of protection and what you pay for it to your specific risk level.
To learn more about Threat Evolution, click here or call us now on 0333 090 8340.
Magenta Security provide award winning security services throughout the UK. We are in the top 5% of ACS approved contractors and were the first security company in Europe to be awarded ISO 14001 for our environmental management systems.