UK Government Release 2021 Cyber Security Statistics

In the past two years, cybercrime has had a major impact on businesses around the world, and the UK was no exception! The Covid-19 pandemic caused many organisations to change the way they operated, practically overnight, and the latest cyber security statistics show that cybercriminals saw this as an opportunity to launch attacks. Whether it's ransomware attacks, data breaches, or phishing schemes, cybercriminals have caused billions of pounds in damage and are taking advantage of the situation by attacking businesses at an unprecedented rate. The UK Government recently conducted an in-depth study of UK businesses, and the results are startling.

Cyber security is one of the hottest topics for business leaders in all industries worldwide, and in this era of augmented technology, businesses are more vulnerable than ever to cyber-attacks. Hackers steal valuable information and shut down a company's systems with just a click of a button. Every day, businesses are falling victim to cyber-attacks, and if you're not careful, you could be next. Waiting until after an attack is too late – the damage has already been done.

What is Cyber-Crime?

According to the Crown Prosecution Service (CPS) ‘Cyber-crime is an umbrella term used to describe two closely linked, but distinct ranges of criminal activity.’ The Government's National Cyber Security Strategy defines these as:

• Cyber-dependent crimes - crimes that can be committed only through the use of Information and Communications Technology (‘ICT’) devices, where the devices are both the tool for committing the crime, and the target of the crime (e.g., developing, and propagating malware for financial gain, hacking to steal, damage, distort or destroy data and/or network or activity).
• Cyber-enabled crimes - traditional crimes which can be increased in scale or reach by the use of computers, computer networks or other forms of ICT (such as cyber-enabled fraud and data theft).

The Computer Fraud and Abuse Act (US Cyber Security Bill) defines cybercrime as: “conduct that is carried out by an individual “without authorization” or who “exceeds authorized access,” and that involves a computer.”

Cyber Security Statistics on Breaches in the UK

In 2020, the increase in staff working from home due to the COVID-19 pandemic led rise to a whole new level of security breaches and cyber-attacks. Most employees were moved to a remote hybrid working model and cybercriminals saw this as an opportunity! The latest cyber security statistics taken from the Cyber Security Breaches Survey 2022 are still quite staggering:

• In the last 12 months, over 39% of UK businesses surveyed had identified a cyber-attack. However, the actual figure is thought to be much higher due to under-reporting of attacks, especially amongst small-medium businesses.
• A staggering 31% of businesses said that they were attacked at least once a week.
• Of the businesses that reported an attack, the most common vector was a phishing attempt (83%), and 21% reported a more sophisticated attack such as denial of service, malware, or a ransom attack.
• 56% of businesses have a policy in place stating they are not to pay ransoms.
• Only 43% of businesses have an insurance policy in place against cyber risks.
• Just over 54% of businesses in the last 12 months have acted to identify cyber security risks.
• Only 19% of businesses have a formal incident response plan.
• When surveyed 82% of businesses said that cyber security was a high priority for their senior management.

No business is immune to cybercrime.

Small businesses are now the most common target for cyber-attacks. This is because they often don't have the same level of security measures in place as larger businesses do and they aren’t necessarily aware of all the risks. Cyberattacks can cause a lot of damage to your business, not just financially but also reputationally. Research undertaken for the Cyber Security Breaches Survey 2022, reported; “Smaller organisations take little proactive action on cyber security, this is driven by a lack of internal knowledge and competing priorities with their budgets. This is especially true if they have no relationship with outsourced cyber security providers. They often have a fear of the technicalities of cyber security and a preference not to research and mitigate against the risks they presented. They are aware there could be a potentially devasting impact but were not sure of the specifics and felt it was a low priority. Smaller organisations tend to seek out information and advice on a reactive basis.”¹

• 48% of small businesses identified a breach or an attack in the last 12 months.
• The most common attack on small businesses was a phishing attack (83%)
• The average financial cost associated with a cyber-attack on small businesses is over £3000 per attack.
• Only 37% of small businesses have a cyber security strategy which details all policies and processes relating to cyber security.
• Only 10% have a specific cyber security insurance policy, and only 40% had cyber security included as part of a wider insurance policy.
• Only 26% of small businesses undertake cyber security training for their staff.

Most common cyber-attacks on organisations. As a business owner, you should be aware of the cyber security risks associated with conducting business in this digital age. Hackers and cybercriminals are constantly producing new ways to exploit vulnerabilities in your systems and steal your data. Cyber-attacks come in all shapes and sizes, and you need to ensure that you are protected from them all! According to cyber security statistics, the most common attacks are:

• Ransomware: This is a type of malware that locks users out of their devices or data until a ransom is paid by the business.
• Phishing: Scammers send fake emails or texts with the aim of trying to steal people's personal information such as passwords or credit card details.
• Malware: This is software that is designed to damage or disable computers and networks and cause maximum impact and destruction.
• Trojans: These are malicious programs that masquerade as harmless files in order to infect devices.
• DDoS attacks: This is when a hacker floods a website with so much traffic that it eventually crashes, bringing the business to a halt and being unable to function online.

The main routes in for hackers are through the website, network, phishing, a third Party or an employee. Every interface between a company’s network and the internet has the potential for vulnerabilities to be exploited.

A hacker's main objectives are to:

• Deliver ransomware
• Steal Intellectual Property
• Steal Sensitive Data
• Steal Money

Cybercriminals may have a variety of goals, although the one thing that binds them together is their misuse of IT systems for unlawful aims. The internet is a wonderful thing. It has revolutionised the way we live and do business. But as always with great power comes great responsibility; to protect ourselves, our businesses, and our employees from cyber-attacks. The sad fact is as a defender you have to be right all the time. Whereas, as an attacker, you only need to be right, or lucky, once to compromise a system.

It is important to remember that cyber-crime doesn’t just affect large organisations, it's also a huge risk for small businesses. While a small business may not think that its business carries the same level of sensitive information about its staff and customers, cybercriminals are still extremely interested in them.

(H3) Employ the services of a professional cyber security consultancy Organisations who want that ‘peace of mind,’ should employ the services of an experienced cyber-crime defence consultancy.

We are seasoned ‘white hat’ hackers with extensive experience and expertise of working inside large security consultancies. We have a combined experience of over 20 years in the cyber-security industry, the majority of which was spent as part of the world’s largest Pentesting team. We've spent those years learning and refining the skills of our trade and have applied them helping secure some of the UK’s largest financial and industrial institutions. Now we use our skills to benefit businesses of all sizes around the world but are especially focused on helping small businesses to be cyber secure. We’ve developed a set of industry tried and tested tools and policies to help you secure your business. Can we offer you a magic fix or silver bullet? No, unfortunately, it’s not that easy. Securing your business will take time and effort on your part and ours.

What we can do is give you the benefit of our years of experience and expertise, broken down into manageable steps. Our process involves examining your business in detail so we can identify how and by what methods attackers can target you. Then we show you what changes you can make to reduce the risk of those attacks being successful. After that, we help you develop and implement policies specific to your circumstances that will allow you to stay on top as the threat landscape evolves in the future.

Our mission is to demystify the process of cyber security for businesses enabling them to be both compliant and as secure as possible from cyber-attacks, bring the cyber security statistics down. To find out more about the crucial cyber security services we offer please look at our website or contact us for more information.

References: ¹ Cyber Security Breaches Survey 2022 https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2022