The most common form of cyber attack was phishing attempts (83%), although of the 39% of businesses mentioned, around one-in-five (21%) identified a more sophisticated attack type such as a Denial of Service, malware or ransomware-focused episode.
Within the group of organisations reporting cyber attacks, 31% of businesses and 26% of charities estimate that they were attacked at least once each week and one-in-five businesses (20%) and charities (19%) say they experienced a negative outcome as a direct consequence of each cyber episode.
Issue for the business community
Martin Smith MBE, founder and chair of the SASIG, said: “It’s clear from these latest Government findings that cyber attacks are still very much an issue for British businesses, be they small or large in scale. The findings illustrate that the impacts of these attacks are operational and financial, with the estimated average cost of attacks in the last 12 months amounting to £4,200 and rising to £19,400 when looking specifically at medium and large-scale businesses. The Government itself admits that these figures are also probably underreported, which is extremely worrying.”
Smith went on to comment: “While many businesses are working to prevent such attacks and put plans in place to deal with them when they do occur, it’s abundantly clear that more work needs to be done in this area.”
The survey has identified key areas of weakness, which include the fact that almost half of businesses (46%) had not taken action to identify cyber security risks in the past 12 months. There are broader supply chain issues in terms of cyber security and a lack of understanding of cyber risks at Board level.
Smith concluded: “Threats are constantly evolving, so it follows that having clear and concise cyber security procedures that are respected and adhered to business-wide is going to be key for building robust resilience.”