Four in 10 UK businesses hit by cyber attack or breach in the last year

The number of businesses reporting a cybersecurity breach or attack in the last 12 months has fallen slightly compared with the previous year, according to government figures.

The annual Cyber Security Breaches Survey found that 43% of businesses and 30% of charities had experienced a breach or attack in the last year, which for businesses was down from 50% last year.

The report said the decrease was down to fewer small businesses reporting attacks, but warned that the prevalence of breaches among medium and large businesses remained high.

According to the figures, it was estimated that the average cost of the most disruptive breach for each business in the last 12 months was £1,600 for businesses and £3,240 for charities.

Cyber attacks on businesses and infrastructure have become increasingly common, and the Government has unveiled plans to introduce new legislation – the Cyber Security and Resilience Bill – designed to compel firms to beef up their cyber defences and better protect the UK from the growing threat.

Last year, the government also announced the designation of UK data centres as critical national infrastructure, meaning that in the event of a major incident, including a cyber attack, they will receive the same level of government support as utilities such as water and energy.

According to the Cyber Security Breaches Survey, the last 12 months have seen an improvement in good cyber hygiene practices among smaller businesses, with the uptake of cybersecurity risk assessments, cyber insurance, formal cybersecurity risk policy and continuity plans all reported as rising.

However, it said the number of high-income charities reporting good practices, such as carrying out risk assessments, had fallen.

The study said insights from charities suggest this could be linked to budget constraints.

The report said a formal cybersecurity strategy was found to be in place at 70% of large businesses, but only 57% of medium-sized firms.

Simon Whittaker, head of cybersecurity at IT firm Instil, said the UK needed updated cybersecurity laws to help better protect businesses from the “relentless” attacks they faced.

Mr Whittaker, who is a supporter of the CyberUp campaign, an industry coalition which is calling on the government to update existing cyber laws, said: “Today’s results paint a stark picture of the cyber threats facing UK organisations.

“Time and again, we see that businesses and charities are under relentless attack, but those on the front line of our digital defences are working with one hand tied behind their back by outdated legislation.

“The Computer Misuse Act 1990, drafted in a different era, is no longer fit for purpose.

“It risks criminalising the very professionals we rely on to detect, defend against and prevent these attacks.

“While other countries have moved with the times to empower their cybersecurity sectors, the UK is still relying on legislation written before smartphones, cloud computing or even the modern internet.

“The Government has rightly prioritised cybersecurity with the first dedicated cyber Bill and a wider focus on technology adoption and the digital economy.

“However, these efforts risk being undermined by legal constraints on our cyber defenders if our laws do not catch up with the reality of today’s threats.

“We urgently need a modern legal framework that protects the public and enables cybersecurity professionals to do their jobs.”

Cyber security minister Feryal Clark said: “These figures show why we’ve put such a focus on making sure the UK has robust cyber security defences in place.

“Cyber attacks are disrupting our citizens, businesses and economy, and this year’s survey puts the risks we face into sharp focus. While we are making progress, there’s still more to do, and we all have a role to play.

“That’s why in the last 10 days we’ve set out our plans for cyber security legislation and launched a suite of packages to support businesses in shoring up their defences – working to protect the public and the economic growth which is central to our Plan for Change.”