Three-quarters of businesses in the UK and the US have been hit by a serious cyber attack at least once since 2019, according to the S-RM Cyber Security Insights Report 2022. The result was a 25% increase from the 60% reported by senior IT respondents in 2021.
Both the UK and the US saw a significant increase in attacks across all incident types in 2022, with most percentages up by as much as 10%.
Data exfiltration went up from 37% to 46%, ransomware from 30% to 40%, hacktivism from 32% to 39%, denial of service from 28% to 39%, fraud from 29% to 38% and cryptojacking from 27% to 33%.
US businesses were slightly more likely to experience a serious cyber attack at 77% compared to the UK at 73%. However, UK businesses end up losing more in cost. These incidents have cost senior IT respondents an average direct loss of £1.3 million, which isn’t inclusive of the long-term effects that cyber attacks can bring.
The true cost of a security breach lies in the indirect losses, which have become more costly than the cyber attack itself. Reputation damage and paid ransom averaged £1.5 million in 2022.
Nearly half of these businesses also went into operational downtime, increased insurance premiums, experienced reputational damage, and paid legal costs following the cyber attack.
“Our latest report shows the sheer scale of serious cyber-attacks on businesses in the UK and the US. This is a growing problem and one with serious ramifications for affected organisations,” said Jamie Smith, board director at S-RM.
“Often businesses will focus on the direct financial impact of a cyber incident, but the indirect impact can be even higher and far more difficult for them to accurately quantify,” Smith said. “This is part of the reason why an effective incident response plan and relevant training is so important. The right plan can minimise the secondary impact of attacks, help to limit reputational damage, aid recovery, and minimise costly downtime.”