Our website uses cookies

Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing Infosecurity Magazine, you agree to our use of cookies.

Okay, I understand Learn more

Cyber-Attacks Cost UK Firms £30bn in 2016

Cyber-attacks may have cost British businesses as much as £30 billion last year, with over half falling victim, according to new research from business ISP Beaming.

The firm polled over 540 businesses around the country from a representative sample and extrapolated the findings with the help of government stats about the number of companies in the UK.

It claimed that 52% of British businesses fell victim to a cyber-attack in 2016, amounting to 2.9 million; they also lost in the region of £29.1 billion in the process.

Phishing and viruses were the most common threats, affecting nearly a quarter (23%) of those surveyed, while 18% suffered a hack or data breach.

Although ransomware claimed fewer scalps – 388,000 as opposed to 1.3m for phishing attacks – it cost firms a lot more: £7.3 billion versus £5.9 billion.

In fact, it was judged to have cost UK firms a lot more than social engineering (£5.3bn), denial of service (£4.6bn), breaches (£916m), or viruses (£5bn).

The risk of data theft is the one that boardrooms up and down the country are most concerned about, with 30% of firms discussing these in leadership meetings.

That figure was down at just 18% a year ago, and perhaps has risen in part due to the coming European data protection regulations in May 2018 which could levy huge fines if customer data is stolen and the firm in charge is found not to have adequately secured it.

Smaller businesses were said to have adopted new technologies such as unified threat management, web application firewalls and network access control systems the fastest. However, this could be because many of their larger counterparts already had such mechanisms in place.

It was larger firms that were most at risk of being attacked – with 71% of those with 250+ employees being hit in 2016 versus 31% of companies with fewer than 10 employees. 

Sonia Blizzard, managing director of Beaming, told Infosecurity it is possible that undetected breaches are higher in smaller firms not equipped to spot such attacks.

"It's encouraging that small businesses are accelerating investment in more sophisticated cyber security measures and the ability to detect attacks as it is clearly not just a big business issue," she added.

The Beaming estimates aren’t too far away from the £34 billion per year figure arrived at by the Centre for Economics and Business Research (CEBR) in a 2015 report.

What’s Hot on Infosecurity Magazine?