Half (52%) of UK businesses, representing 1.3 million private sector companies, have endured at least one cyber-attack in the past five years, equating to £44 billion of lost revenue, according to Howden, the international insurance intermediary group.
New research published by Howden reveals that businesses with an annual revenue of over £100 million were the most targeted group, with 74% of those surveyed having suffered a cyber-attack over the past five years.
Threat levels are elevated however, across all businesses, with half (49%) of small and medium-sized enterprises (SMEs) with a revenue of £2 million to £50 million also experiencing a cyber-attack over the same period.
According to Howden, the most common causes of cyber-attacks were compromised emails (20%) and data theft (18%), with the average cost of these attacks equating to £2.1 million and £2 million, respectively.
In spite of the growing threat posed by cyber-attacks, take up of the most basic cyber security measures remains low, which clearly highlights a critical cybersecurity knowledge gap within UK businesses. At present, 61% of businesses are actively using antivirus software, while just 55% are employing network firewalls.
Cost, insufficient knowledge, and lack of internal IT resource, have all been cited by organisations as being obstacles towards helping them improve their cyber security.
However, by implementing cyber security basics, Howden estimates that UK businesses could wind up reducing cyber-attack costs by up to ~75% (a total of ~£30 billion from 2019-24), with the introduction of these measures saving the average UK business roughly £3.5 million over ten years, which would equate to a return on investment of 25%.
Additionally, UK businesses have said that new policy measures such as tax relief on cyber investment (33%) will be the most effective way of improving cyber resilience within businesses, followed by free access to cyber expertise and resources (32%), compulsory minimum cyber standards (31%) and compulsory cyber insurance (26%).
Howden noted how the insurance industry must work alongside the government to raise awareness of the growing severity and frequency of cyber-attacks and the return on investment that can be achieved with the implementation of cyber security measures.
The insurance sector also has a crucial role to play towards boosting resilience by advising businesses on security and offering incident response services.
Sarah Neild, Head of UK Cyber Retail, commented: “Cybercrime is on the rise, with malicious actors continuing to take advantage of cybersecurity vulnerabilities, particularly as firms become ever more reliant on technology for their operations. UK businesses are currently losing a significant amount of revenue to cyber-attacks, and the insurance industry is crucial to strengthening resilience and raising awareness of the security measures needed to help businesses protect their operations.”
Adding: “Engagement with SMEs will be particularly important. This segment has been historically underserved by the cyber insurance market yet forms an important backbone of economic activity, both in terms of its size but also as an engine of growth. Through increased insurance penetration and education about implementation, we can help businesses improve their cyber resilience and protect against loss of revenue from these attacks.”
