Data from the annual survey run by the National Cybersecurity Centre and the Department for Digital, Culture, Media, and Sport reveal that although eight in ten businesses (82%) report cybersecurity as a high priority for senior business leaders, there has not been a corresponding increase in actions to implement enhanced cybersecurity.

 

The survey results show that 39% of UK businesses identified a cyberattack in the past 12 months, remaining consistent with the previous year, although the report suggests that less cyber-mature organisations in this space may be underreporting.

 

Within the group of organisations reporting cyberattacks, 31% of businesses and 26% of charities estimate they were attacked at least once a week. Looking at organisations reporting a material outcome, such as loss of money or data, gives an average estimated cost of all cyberattacks in the past 12 months of £4,200. Considering only medium and large businesses, this cost rises to £19,400. These figures could be conservative, as the lack of a framework for the financial impacts of cyberattacks may have resulted in underreporting.

 

The Most Common Types of Cybercrime

The survey shows that the most common threats were phishing attempts (83%), although about one in five (21%) of businesses that reported a cyberattack identified a more sophisticated threat such as a denial-of-service, malware, or ransomware attack.

 

A secure, forward-thinking business must implement anti-phishing solutions to protect critical, sensitive data. Solutions like Ironscales, Proofpoint, and Avanan provide malware and URL protection, whilst implementing security measures against the phishing and spear-phishing techniques used by cybercriminals looking to exploit hard-working businesses.

 

Adding a smart password manager tool to the security stack can help MSPs and their clients prevent phishing attempts and reduce the risk of data breaches. The average employee has 191 different passwords for work accounts. If each one is not unique, it means that a successful phishing attempt could give a hacker access to any system where the same password is used.

 

A smart password management system enables end-users to automatically generate random, secure passwords for each account and store them in a vault. A solution such as LastPass also incorporates a multi-device authentication system. This adds an extra layer of security by asking users to submit additional verification when they log in, usually on a different device.

 

Despite its lower prevalence, survey respondents cited ransomware as a major threat, with 56% of businesses having a policy not to pay ransom. However, research carried out by Proofpoint reveals that businesses in the UK are the most likely to pay cybercriminals, and many organisations that have been victims of ransomware end up paying several times to recover data critical to their business.

 

Impact of Remote Working on Cybercrime

Managing online security threats, such as phishing and ransomware, has become more complex in the modern workplace, as many employees continue to work remotely, at least part of the time.

 

However, some steps can be taken to protect your modern workplace against cybercrime. These include making remote systems more secure with endpoint detection and response solutions that remediate threats across all devices, desktops, and servers.

 

Where Businesses Go for Cybersecurity Services

Just over half of businesses (54%) have acted in the past 12 months to identify cybersecurity risks, with security monitoring tools (35%) being the most common. Qualitative interviews, however, found that limited board understanding meant the risk was often passed on.

 

Small, medium and large businesses outsource their IT and cybersecurity to an external supplier 58%, 55%, and 60% of the time respectively. Organisations choosing this approach have access to greater expertise, resources, and higher standards for cybersecurity.

 

The survey data also show that 43% of businesses have an insurance policy that covers cyber risks. However, only 6% of businesses have the Cyber Essentials certification and 1% have Cyber Essentials Plus, which is largely due to relatively low awareness.