UK cybercrime has doubled in the last five years, costing businesses £87 billion since 2015

The number of UK businesses succumbing to cyber attacks has doubled in the last five years, with the sharpest spike in victim rates coming in the small-business community, according to our research.

Beaming’s five-year cybersecurity study suggests a quarter (25%) of UK businesses were victims of cyber criminals in 2019. This equates to 1.5 million businesses, up from 755,000 (13%) in 2015.

In every year of Beaming’s study, large companies (250+ employees) were most at risk, culminating last year with nine out of 10 (87%) falling victim. Small businesses experienced the steepest rise in victim rates: 28% of 11-50 person firms were hit in 2015, rising steeply to 62% last year.

The total cost of cyber-security breaches over the last five years – including damaged assets, financial penalties and lost productivity – is believed to be more than £87 billion.

Sonia Blizzard, managing director of Beaming, comments: “Cybercrime is one of the first fields to embrace automation, allowing hackers to launch increasingly sophisticated attacks with unprecedented scale and frequency. Businesses of all sizes need to think hard about improving the resilience of their IT and communication systems, to minimise the chances of being breached and the potential impact.

“The threat has grown astronomically over the last five years. What used to be seen as a big-business problem has become a serious concern for every company director, manager and IT professional out there.

“Small businesses are now on the front line in the war against cybercrime. But they haven’t invested in cyber security or employee education at the same rate as their larger counterparts, and they are easier targets as a result.”

Cyber security trends identified through Beaming’s study

• As companies grow they become more likely to be victims of cybercriminals. Over the past five years larger companies were consistently breached at a higher rate than smaller businesses. The risk of becoming a victim increases by more than 60% when a company hires its first employees.

• Although more companies are taking measures against cyber crime, uptake of these measures remains very low overall. In 2015, 5% of businesses had a cyber security policy; that figure is now 9%. In 2015, 30% of businesses had a firewall at the network perimeter; that figure is now 37%. In 2015, 20% of businesses put in place employee training and awareness-raising measures; that figure is now 22%.
• Concern about cyber-crime has grown among senior business leaders over the last five years. More than fifth of small (20%), medium (24%) and large companies (36%) now discuss a range of cyber threats at board level. The proportion of businesses taking additional steps to mitigate a range of cyber-risks has increased from 16% in 2015 to 37% last year.
• Malware continues to be the biggest concern for business leaders, with 45% now taking additional measures to combat it (compared to 26% in 2015). Hacking and password attacks, where criminals use scripts that try a wide range of possible password combinations, were also big concerns for leaders.

• Phishing is now the type of attack most likely to hit businesses. In 2019, Phishing was the most common form of successful attack on every size of business – with the exception of micro companies, where 1% more fell victim to malware (although in 2018 phishing was also by far the biggest threat to micros too). The proportion of businesses hit by phishing attacks grew by 50% in five years, from 6% in 2015 to 9% in 2019.
• Beaming’s research indicates that almost two-thirds (61%) of UK businesses have minimal levels of cyber security defences in place, relying on anti-virus software and basic router protection to keep them safe. 69% of micro businesses and 58% of small companies were in this situation at the start of 2020.Staff members were responsible – either through malicious intent, neglect or genuine mistakes – for breaches in more than a third of cases. Business leaders held employees accountable for 37% of breaches in 2015, and 36% in 2019.