Cyber crime costs UK businesses £87bn in 5 years

Asset 35
Press Releases

UK Cyber Crime has doubled since 2015

UK cybercrime has doubled in the last five years, costing businesses £87 billion since 2015

The number of UK businesses succumbing to cyber attacks has doubled in the last five years, with the sharpest spike in victim rates coming in the small-business community, according to our research.

Beaming’s five-year cybersecurity study suggests a quarter (25%) of UK businesses were victims of cyber criminals in 2019. This equates to 1.5 million businesses, up from 755,000 (13%) in 2015.

In every year of Beaming’s study, large companies (250+ employees) were most at risk, culminating last year with nine out of 10 (87%) falling victim. Small businesses experienced the steepest rise in victim rates: 28% of 11-50 person firms were hit in 2015, rising steeply to 62% last year.

The total cost of cyber-security breaches over the last five years – including damaged assets, financial penalties and lost productivity – is believed to be more than £87 billion.

Sonia Blizzard, managing director of Beaming, comments: “Cybercrime is one of the first fields to embrace automation, allowing hackers to launch increasingly sophisticated attacks with unprecedented scale and frequency. Businesses of all sizes need to think hard about improving the resilience of their IT and communication systems, to minimise the chances of being breached and the potential impact.

 

‘The threat has grown astronomically over the last five years. ’
Sonia Blizzard, managing director of Beaming

 

“The threat has grown astronomically over the last five years. What used to be seen as a big-business problem has become a serious concern for every company director, manager and IT professional out there.

“Small businesses are now on the front line in the war against cybercrime. But they haven’t invested in cyber security or employee education at the same rate as their larger counterparts, and they are easier targets as a result.”

Cyber security trends identified through Beaming’s study

  • As companies grow they become more likely to be victims of cybercriminals. Over the past five years larger companies were consistently breached at a higher rate than smaller businesses. The risk of becoming a victim increases by more than 60% when a company hires its first employees.
Proportion of businesses reporting falling victim to cybercrime
  2015 2016 2017 2018 2019
Solo (1 person) 12% 24% 10% 28% 21%
Micro (2-10 people) 18% 36% 27% 46% 34%
Small (11-50 people) 28% 55% 47% 63% 62%
Medium (51-250 people) 39% 65% 57% 61% 76%
Large (251+ people) 48% 71% 70% 73% 87%

 

  • Although more companies are taking measures against cyber crime, uptake of these measures remains very low overall. In 2015, 5% of businesses had a cyber security policy; that figure is now 9%. In 2015, 30% of businesses had a firewall at the network perimeter; that figure is now 37%. In 2015, 20% of businesses put in place employee training and awareness-raising measures; that figure is now 22%.
  • Concern about cyber-crime has grown among senior business leaders over the last five years. More than fifth of small (20%), medium (24%) and large companies (36%) now discuss a range of cyber threats at board level. The proportion of businesses taking additional steps to mitigate a range of cyber-risks has increased from 16% in 2015 to 37% last year.
  • Malware continues to be the biggest concern for business leaders, with 45% now taking additional measures to combat it (compared to 26% in 2015). Hacking and password attacks, where criminals use scripts that try a wide range of possible password combinations, were also big concerns for leaders.

 

Top threats by business size
  2015 2016 2017 2018 2019
Solo Phishing 6%

Malware 5%

Denial service 4%

Phishing 18%

Malware 7%

Denial service 4%

Denial service 5%

Phishing 3%

Malware 2%

Phishing 23%

Malware 8%

Ransomware 2%

Malware 7%

Phishing 6%

Password attacks 6%

Micro Malware 8%

Phishing 6%

Denial of service 4%

Phishing 26%

Malware 16%

Denial of service 8%

Phishing 22%

Malware 14%

Social engineering 10%

Phishing 26%

Malware 17%

Password attacks 14%

Phishing 17%

Malware 12%

Password attacks 9%

Small Malware 14%

Phishing 11%

Hacking 4%

Phishing 26%

Malware 22%

Data breach 18%

Phishing 22%

Malware 14%

Hacking 11%

Phishing 26%

Malware 17%

Password attacks 14%

Phishing 29%

Malware 20%

Data breach 11%

Medium Malware 17%

Denial of service 12%

Phishing 11%

Malware 27%

Phishing 22%

Hacking 16%

Malware 20%

Password attacks 17%

Phishing 13%

Malware 34%

Phishing 29%

Hacking 21%

Phishing 29%

Malware 21%

Data breach 19%

Large Malware 21%

Hacking 16%

Phishing 15%

Malware 37%

Phishing 28%

Data breach 24%

Phishing 27%

Social engineering 19%

Malware 18%

Malware 34%

Phishing 29%

Hacking 21%

Phishing 38%

Malware 31%

Social engineering 25%

 

  • Phishing is now the type of attack most likely to hit businesses. In 2019, Phishing was the most common form of successful attack on every size of business – with the exception of micro companies, where 1% more fell victim to malware (although in 2018 phishing was also by far the biggest threat to micros too). The proportion of businesses hit by phishing attacks grew by 50% in five years, from 6% in 2015 to 9% in 2019.
  • Beaming’s research indicates that almost two-thirds (61%) of UK businesses have minimal levels of cyber security defences in place, relying on anti-virus software and basic router protection to keep them safe. 69% of micro businesses and 58% of small companies were in this situation at the start of 2020.Staff members were responsible – either through malicious intent, neglect or genuine mistakes – for breaches in more than a third of cases. Business leaders held employees accountable for 37% of breaches in 2015, and 36% in 2019.

Download Beaming’s Five Years in Cyber Security Guide

 

We’ve used our five years of insight to produce this guide for businesses of all sizes, which will help you discover:

  • Where you currently sit on Beaming’s Cyber Security Hierarchy of Needs & how you can reach the gold standard in safeguarding.
  • The types of cyber attack your business is most likely to experience & ways to protect against them.
  • Beaming’s cyber security jargon buster.
  • 10 simple steps for increased resilience.

Find out how cyber threats have changed over the past five years, protect your business and prepare for the next five years. Download Beaming’s Five Years in Cyber Security guide now.

  • This field is for validation purposes and should be left unchanged.