UK businesses have spent over £300m on staff-hours alone addressing cybersecurity attacks in 2021 - Business Leader News

UK businesses have spent over £300m on staff-hours alone addressing cybersecurity attacks in 2021

Cyber Security

A new study has found that three in ten UK businesses have already suffered some form of cybersecurity attack in 2021.

The research also revealed that businesses that set up an online shop in the past year were more likely (63%) to have suffered a cybersecurity attack, and that more than 10 million staff-hours have already been lost this year addressing cybersecurity attacks, amounting to £300m in staff -hours alone.

The study was undertaken by, an IT support provider who polled 1150 UK business owners, managers and heads of IT as part of the research.

It was initially found that as many as three in ten UK businesses (28%) have suffered some form of cybersecurity attack in 2021 already, with the majority of these (66%) involving phishing. The number was higher among small businesses, with 41% of these having suffered from a cybersecurity attack this year, followed by medium businesses (32%) and large business/corporations (27%).

Those that had only set up their business online in the past year were much more likely to have suffered a cyberattack in 2021 (65%) than those that had a pre-existing website for their business (26%).

When asked what sort of cybersecurity protection they had in operation, it was found that a surprising 18% were unsure what – if any – protection was in place.

However, it was also discovered that the majority of businesses in the UK (71%) have increased their cybersecurity budget since the start of 2020, with a further 83% stating it as a high priority for the business. Among businesses with more than 100 employees, cybersecurity was found to be a high priority for 93%.

The average time taken away from a business in the UK to address a cybersecurity attack was found to be 6 hours, equating to an average loss of £180 in staff-hours.

Given that there are 5.98 million businesses in the UK, the team were able to establish that over 10 million staff-hours are likely to have been spent addressing cybersecurity attacks in 2021 so far, equating to £301,442,400 in man hours.

Each respondent was asked if they had measures in place to protect remote working employees from cybersecurity attack, with just 21% of those (with remote workers) saying that they have.

Commenting on the findings, Mark Halpin, CEO at, said: “Cybersecurity attacks are a greater threat to UK businesses now than ever before, particularly with the last year forcing more and more SMEs to operate online. It’s concerning that there have been so many this year already; cybersecurity should be at the forefront of all businesses’ minds, with regular checks in place.”

Layered security

Ensure that you have layered security in place in order to limit access to your most sensitive data, should your system suffer a breach. Limit access to certain types of information – particularly the most sensitive – by adding layers of protection, like encryption, additional passwords, etc.

Train employees

Even if you have dedicated technical support staff in place, your employees are still liable to inadvertently cause breaches, or be targeted by cyberattacks, if they are not sufficiently trained. Ensure that all members of staff know how to use resources belonging to the company and have penalties in place for those that do not follow protocols.

Maintain good password practices

It can be easy to get lazy when it comes to passwords but, when it’s concerning your business, it’s vital that you maintain good practices. Passwords should be at least 12 characters and contain a mix of letters, numbers, symbols and capitals, to start. You should also make sure that you and your employees change passwords every three months, at a minimum.

Limit access

Regardless of whether you trust your employees or not, it’s important that you limit access to secure materials to those that require it for their job role. Not so much because your employees might steal your information, but those less trained in handling sensitive matter may be more open to suffering a cyberattack.

Update software

This is a key aspect of cybersecurity, and something that may be forgotten by many. Software updates often contain security patches and bug fixes, meaning that they are essential in keeping you and your business safe. As well as regularly updating software, you should also regularly back everything up in case of a breach – you can schedule these automatically to save you from forgetting.