Around a third (31%) of businesses experience cyber-attacks or breaches at least once a week, according to new figures published in the UK government’s Cyber Security Breaches Survey 2022 report.
Over a quarter (26%) of charities also reported being hit by attacks at least once a week, and the government is urging all organizations to strengthen their cybersecurity practices in response to the growing threat landscape.
The annual survey of UK businesses, charities and education institutions found that around two in five (39%) companies and roughly a third (30%) of charities experienced breaches or attacks in the past 12 months. This is a similar proportion to that reported in last year’s survey. One in five businesses (20%) and charities (19%) admitted they experienced a negative outcome as a direct consequence of a cyber-attack.
Of the 39% of businesses that identified attacks, by far the most common threat vector was phishing (83%). Around one in five (21%) of these firms identified more sophisticated attack types like denial of service, malware or ransomware.
The average estimated cost of all cyber-attacks was £4200 in the past 12 months. However, for medium and large firms, this cost surged to £19,400.
Encouragingly, the report revealed that UK organizations are placing increased attention on the security of supply chains and digital services following numerous high-profile incidents in the past year, such as the Kaseya and Colonial Pipeline attacks. For example, 82% of senior managers now view cybersecurity as a ‘very high’ or ‘fairly high’ priority, significantly up from 77% in 2021.
However, while two in five (40%) of businesses and a third (32%) of charities use at least one managed service provider, just 13% of companies reviewed the risks posed by immediate suppliers.
The report also found that under a fifth (19%) of businesses have a formal incident response plan, while 39% have assigned roles should an incident occur.
The government also emphasized it is not aware of any specific cyber-threats to UK organizations emanating from the Russia-Ukraine conflict, in line with recent NCSC guidance. However, it said businesses should take advised actions amid a period of heightened cyber-threats.
Cyber Minister Julia Lopez commented: “It is vital that every organization takes cybersecurity seriously as more and more business is done online and we live in a time of increasing cyber risk.
“No matter how big or small your organization is, you need to take steps to improve digital resilience now and follow the free government advice to help keep us all safe online.”
At the end of last year, the UK government published a new national cyber strategy to bolster the nation’s defensive and offensive capabilities amid rising attacks from criminal gangs and nation-state actors.