The financial impact of cybersecurity breaches on companies in the UK has climbed to a whopping annual average of £4,180 in 2019, nearly double 2017’s £2,450, according to a UK government survey conducted in winter 2018 and early 2019. The cost has risen significantly for companies that lost critical data or assets following a cyber incident or breach.
The most common type of attack identified over the past 12 months was phishing, which was detected by 80 percent of companies and 81 percent of charities. Phishing attacks are closely followed in incidence by attackers posing as a legitimate organization online or in emails, and by viruses, spyware or malware attacks, including ransomware. The highest attack incidence was seen among medium businesses (60%), large businesses (61%) and high-income charities (52%).
The survey found that 32 percent of businesses and 22 percent of charities have fallen victim to at least one cybersecurity incident or experienced an important data breach in the past 12 months. These numbers are significantly lower than the number of victims in 2018 (43%) and 2017 (46%). The drop could be attributed to the May 2018 introduction of the General Data Protection Regulation (GDPR), Europe’s most important data privacy regulation. GDPR has forced companies to improve their cybersecurity policies to ensure they are compliant, or face hefty fines of up to 4% of global annual revenue for infringements.
However, the government’s research claims more than half of UK-based companies interviewed had no written policies or hadn’t even conducted risk assessments in the past year. Although most were still underprepared, a higher number of businesses and charities made improvements to their cyber defense in 2019 compared to 2018 and are better at detecting and containing breaches. But the risk is still present.
Shifts in attacker behavior may be another reason for the lower number of incidents in organizations, as hackers may now be “focused on a narrower range of business,” reads the report. However, companies’ reluctance to disclose all breaches, in order to avoid GDPR fines, may also be behind the numbers. According to senior executives, 78 percent of enterprises and 75 percent of charities placed cybersecurity on their list of top priorities for 2019, with both looking at making a long-term commitment to improving overall security.