UK cybercrime has doubled in last five years – costing businesses £87bn since 2015

The number of UK businesses succumbing to cyber-attacks has doubled in the last five years, with the sharpest spike in victim rates coming in the small-business community, according to Beaming, the specialist business ISP.

Beaming’s five-year cybersecurity study, details of which are published today in its Five Years in Cyber Security report, suggests that a quarter (25%) of UK businesses were victims of cybercriminals in 2019. This equates to 1.5 million businesses, up from 755,000 (13%) in 2015.

In every year of Beaming’s study, large companies (250+ employees) were most at risk, culminating last year with nine out of 10 (87%) falling victim. Small businesses experienced the steepest rise in victim rates: 28% of 11-50 person firms were hit in 2015, rising steeply to 62% last year.

The total cost of cybersecurity breaches over the last five years – including damaged assets, financial penalties and lost productivity – is believed to be more than £87bn.

Sonia Blizzard, managing director of Beaming, comments: “Cybercrime was one of the first fields to embrace automation, allowing hackers to launch increasingly sophisticated attacks with unprecedented scale and frequency. Businesses of all sizes need to think hard about improving the resilience of their IT and communication systems, to minimise the chances of being breached and the potential impact.”

“The threat has grown astronomically over the last five years. What used to be seen as a big-business problem has become a serious concern for every company director, manager and IT professional out there.

“Small businesses are now on the front line in the war against cybercrime. But they haven’t invested in cybersecurity or employee education at the same rate as their larger counterparts, and they are easier targets as a result.”

Cybersecurity trends identified through Beaming’s study

  • As companies grow they become more likely to be victims of cybercriminals. Over the past five years, larger companies were consistently breached at a higher rate than smaller businesses. The risk of becoming a victim increases by more than 60% when a company hires its first employees.
  • Although more companies are taking measures against cybercrime, uptake of these measures remains very low overall. In 2015, 5% of businesses had a cybersecurity policy; that figure is now 9%. In 2015, 30% of businesses had a firewall at the network perimeter; that figure is now 37%. In 2015, 20% of businesses put in place employee training and awareness-raising measures; that figure is now 22%.
  • Concern about cybercrime has grown among senior business leaders over the last five years. More than a fifth of small (20%), medium (24%) and large companies (36%) now discuss a range of cyber threats at board level. The proportion of businesses taking additional steps to mitigate a range of cyber-risks has increased from 16% in 2015 to 37% last year.
  • Malware continues to be the biggest concern for business leaders, with 45% now taking additional measures to combat it (compared to 26% in 2015). Hacking and password attacks, where criminals use scripts that try a wide range of possible password combinations, were also big concerns for leaders.
  • Phishing is now the type of attack most likely to hit businesses. In 2019, phishing was the most common form of successful attack on every size of business, with the exception of micro-companies, where 1% more fell victim to malware (although in 2018 phishing was by far the biggest threat to micros too). The proportion of businesses hit by phishing attacks grew by 50% in five years, from 6% in 2015 to 9% in 2019.
  • Staff members were responsible – either through malicious intent, neglect or genuine mistakes – for breaches in more than a third of cases. Business leaders held employees accountable for 37% of breaches in 2015, and 36% in 2019.
  • Beaming’s research indicates that almost two-thirds (61%) of UK businesses have minimal levels of cybersecurity defences in place, relying on anti-virus software and basic router protection to keep them safe. 69% of micro-businesses and 58% of small companies were in this situation at the start of 2020.

DATA TABLES

The proportion of businesses reporting falling victim to cybercrime

| Business size | 2015 | 2016 | 2017 | 2018 | 2019 |
|---|---|---|---|---|---|
| Solo (1 person) | 12% | 24% | 10% | 28% | 21% |
| Micro (2-10 people) | 18% | 36% | 27% | 46% | 34% |
| Small (11-50 people) | 28% | 55% | 47% | 63% | 62% |
| Medium (51-250 people) | 39% | 65% | 57% | 61% | 76% |
| Large (251+ people) | 48% | 71% | 70% | 73% | 87% |

Source: Beaming and Opinium, January 2020

Top threats by business size

| Business size | 2015 | 2016 | 2017 | 2018 | 2019 |
|---|---|---|---|---|---|
| Solo | Phishing 6%; Malware 5%; Denial of service 4% | Phishing 18%; Malware 7%; Denial of service 4% | Denial of service 5%; Phishing 3%; Malware 2% | Phishing 23%; Malware 8%; Ransomware 2% | Malware 7%; Phishing 6%; Password attacks 6% |
| Micro | Malware 8%; Phishing 6%; Denial of service 4% | Phishing 26%; Malware 16%; Denial of service 8% | Phishing 22%; Malware 14%; Social engineering 10% | Phishing 26%; Malware 17%; Password attacks 14% | Phishing 17%; Malware 12%; Password attacks 9% |
| Small | Malware 14%; Phishing 11%; Hacking 4% | Phishing 26%; Malware 22%; Data breach 18% | Phishing 22%; Malware 14%; Hacking 11% | Phishing 26%; Malware 17%; Password attacks 14% | Phishing 29%; Malware 20%; Data breach 11% |
| Medium | Malware 17%; Denial of service 12%; Phishing 11% | Malware 27%; Phishing 22%; Hacking 16% | Malware 20%; Password attacks 17%; Phishing 13% | Malware 34%; Phishing 29%; Hacking 21% | Phishing 29%; Malware 21%; Data breach 19% |
| Large | Malware 21%; Hacking 16%; Phishing 15% | Malware 37%; Phishing 28%; Data breach 24% | Phishing 27%; Social engineering 19%; Malware 18% | Malware 34%; Phishing 29%; Hacking 21% | Phishing 38%; Malware 31%; Social engineering 25% |

Source: Beaming and Opinium, January 2020
