Report reveals UK business is under attack

A newly published UK Government survey has uncovered that 46% of all UK businesses had ‘identified at least one cybersecurity breach or attack in the past 12 months’. The report has also revealed that a ‘sizeable proportion’ of business have not put in place basic policies and protection to protect themselves from attack.

Some of the statistics revealed by the Cyber Security Breaches Survey 2017 include:

  • Only around 37% of companies have a segregated wireless network or any rules round encryption of personal data.
  • Only around a third of companies have a formal policy that covers cyber security risks, and only 29% have made specific board members responsible for cyber security.
  • A mere one-fifth of businesses surveyed have had staff attend any cyber security training – with non-specialist staff particularly unlikely to have attended any training.
  • Whilst 19% of business admitted to being worried about the computer security of their suppliers only 13% require suppliers to adhere to any specific cyber security standards or good practice.
  • Only 11% have a management plan in place in the case of a cyber security incident.

The report details the findings from a quantitative and qualitative survey with UK businesses on cyber security. The Department for Culture, Media and Sport (DCMS) commissioned the survey as part of the National Cyber Security Programme, following a previous comparable study by the Department published in 2016. 1 It was carried out by Ipsos MORI, in partnership with the Institute for Criminal Justice Studies at the University of Portsmouth, and comprised of a telephone survey of 1,523 UK businesses from 24 October 2016 to 11 January 2017 and 30 in-depth interviews undertaken in January and February 2017 to follow up businesses that participated in the survey

The study of 1523 UK business found that larger organisations suffered more attacks, with the most commonly reported breaches being staff receiving fraudulent emails (72%), malware attacks (33%), impersonation of the organisation via email or online (27%) and ransomware (17%).

Attacks often have a financial impact on the business being attacked, the survey finds that the average business faces costs of £1,570 as a result of these breaches. This is much higher for the average large firm, at £19,600, though the average medium firm (£3,070) and micro and small firms (£1,380) also incur sizeable costs. however external reporting of incidents remains rare with only 25% reporting their breaches to anyone other than their security vendor.

Whilst awareness of IT security issues is increasing, three in five (58%) businesses have sought information, advice or guidance on the cyber security threats facing their organisations over the past year, and more firms are aware of both the financial and reputational damage that can occur when systems are breached, this report clearly shows that many companies still have issues to address.

The lack of reporting is a real concern and suggests that some businesses lack awareness of who to report to, why to report breaches and what reporting helps achieve. If we are to make a case for more investment in the prevention of attacks then the powers that be really need to be aware of the extent of the problem.

As we’ve mentioned in previous blog IT Security is often less of a technological problem that a people problem with many attacks preventable via a skilled workforce who are aware of what threats to look out for and who to contact if they think they’ve spotted something suspicious.

By increasing the knowledge of staff and working with your IT Support provider in putting a sensible defence in place you can prevent your own business becoming a victim of an attack.

Your IT Department provide complete Cyber Security solutions including anti-virus software, Watchguard Firewall Hardware, advice and training. To find out more about how we can keep you secure call 0115 7980704 or email us  

The full report can be viewed at