Two thirds of big businesses hit by a cyber-attack in past 12 months
A new government study has found that around two thirds of large businesses in the UK have been hit by a cyber-breach or attack over the last 12 months.
According to the Cyber Security Breaches Survey 2016, 65% of large firms had detected a cyber security breach or attempted attack over the past year. Many had suffered multiple attacks, with a quarter of big businesses reporting that they had experienced a breach at least once per month.
The most costly breach identified by the survey cost £3 million while the average cost to business from a cyber breach stood at £36,500. As well as the costs of repairing any damage and installing extra security, other costs can include fraud and intellectual property theft, customer data loss and reputational damage.
A previous government study estimated the overall cost of cyber-crime to the UK economy to be in the region of £27 billion. In some cases the costs of cyber-crime have left individual businesses facing insolvency, as they are unable to recover from the initial damage. Other options may be available to rescue companies too, such as a CVA for example, but this will often depend on a case by case basis.
Many businesses recognise the dangers of cyber-crime, with more than two thirds (69%) saying cyber security was a high priority for senior managers. Despite this, only around half (51%) of companies have taken recommended actions to identify specific risks associated with cyber-crime. Less than a third (29%) have formal written cyber security policies and only 10% have a formal incident management plan in place.
68% of reported attacks involved viruses, spyware and other types of malware while 32% involved an impersonation of the targeted organisation.
While big businesses were targeted more frequently, smaller businesses are certainly not immune to cyber-attacks and the report found that many could be doing more to protect themselves from this type of crime. While 62% of large companies employed staff who had undergone some sort of cyber-security training within the last 12 months, this fell to 38% of medium-sized and just 22% of small businesses.
By Phil Smith