The cyberdefences of UK businesses are faltering as 50% of businesses reported a cyberattack or breach over the past 12 months, according to the government’s latest Cyber security breaches survey 2024.
The figure rose substantially among medium businesses (70%) and large businesses (74%), while 32% of charities were subject to an attack or breach.
Phishing was by far the most common threat type facing businesses, attacking 84% of targeted businesses. While organisation impersonation and virus or other malware were the next most common threatening 35% and 17% of targeted businesses respectively.
The increased threat landscape comes despite a rise in cyber hygiene, with 83% using up-to-date malware protection, up from 76% last year, and 75% deploying network firewalls, up from 66%.
The most disruptive breach over the past year cost each business an average of approximately £1,205.
“From the Prime Minister to large enterprises to charities, anyone and everyone can be targeted by a malicious cyberattack,” said Achi Lewis, Area VP EMEA for Absolute Software. “It’s more important than ever for organisations to have cyber-resilience underpinning robust defence measures, emphasising reactive, preventative and recovery procedures, as threats are a case of when not if.
“Especially in today’s work-from-anywhere world, security teams need visibility over an organisation’s entire network to protect devices, applications and ultimately staff,” Lewis added. “Secure access technology can establish trust between devices and a network, alerting centralised IT teams to suspicious behaviour and providing them with the power to freeze or even shut down potentially compromised devices. An approach to security that includes cyber-resilience built into defences is the best way for targeted organisations to ensure their measures are working as needed to avoid being breached.”
In total, 31% of businesses claimed they have undertaken cybersecurity risk assessment over the past year, while a third (33%) deployed security monitoring tools to bolster their defences.
“There is no doubt that developments such as AI have made the job of security teams more difficult over the past year, increasing the volume and sophistication of external threats, as well as creating an open door for insider threat through tools like ChatGPT,” said Oseloka Obiora, CTO, RiverSafe. “Now, organisations need to be even more aggressive with their response and remediation plans if they are to withstand a new flavour of AI-generated cyberattacks.
“To increase preparedness, security teams need robust network visibility to enable them to swiftly detect and address vulnerabilities across systems, mitigating the impact of cyberthreats, especially across complex or dispersed IT systems,” added Obiora.
The number of businesses insured against cybersecurity risks rose from 37% to 43% over the past 12 months, a figure which rises among medium and large companies.