Over 1.5 million UK firms were compromised by threat actors last year, costing them more than £31.5bn ($40bn), according to new data from business ISP Beaming.
The firm polled 500 business leaders about security breaches that impacted their organization in 2023, including how much it cost them to manage each incident. This included data recovery, replacing IT assets and people, business interruption, lost business and regulatory penalties.
It then calculated median figures provided by respondents for each cybercrime and business size and multiplied them by the size of the business population, based on government figures.
The resulting report, Price of Insecurity: The Cost of Business Cybercrime in 2023, revealed the total cost of breaches has surged 138% since 2019, when the estimate was £12.8bn.
It claimed that more than a quarter (27%) of UK businesses fell victim to cybercrime in 2023 at an average cost of £5500.
Read more on UK breaches: UK Privacy Regulator Names and Shames Breached Firms
Cybercrime rates for the largest (250+ people) and smallest (one person) businesses actually declined. However, they increased in all SME segments. Small businesses (11-50) experienced the steepest rise in victims (42%) and costs (396%) between 2019 and 2023.
“While large businesses are proving more resilient to cybercrime, the cost of breaches is soaring, and SMEs are being hit harder than ever before,” argued Beaming managing director, Sonia Blizzard.
“Businesses are investing in training and technology but they’re under sustained attack. So as the use of technology helps business to grow, the investment in cybersecurity training also needs to be maintained.”
Firms of all sizes appear to have ramped up cybersecurity investments, with most now providing employee training and adopting tools like network perimeter firewalls, site-to-site VPNs and unified threat management (UTM) devices.
However, cyber-threats are still hitting home. According to the report, phishing (679,000 victims) was the most common attack vector, followed by malware (426,000) and insider threats (412,000).
Business email compromise (BEC) and social engineering were almost neck and neck in terms of the highest grossing threat types for cybercriminals, followed by credential stuffing and then ransomware.