Howden has published new research examining cyber resilience among UK businesses, revealing that over half (52%) of UK organisations experienced at least one cyber-attack in the past five years, resulting in an estimated ~£44 billion in lost revenue.
Large businesses with annual revenues exceeding £100 million were the most frequent targets, with 74% reporting at least one cyber-attack during this period. However, smaller enterprises are also significantly impacted.
The study found that 49% of small and medium-sized enterprises (SMEs) with revenues between £2 million and £50 million have been victims of cyber-attacks in the past five years.
The most prevalent causes of cyber-attacks were compromised emails, accounting for 20% of incidents, and data theft, responsible for 18%. The average cost of email compromise was ~£2.1 million per attack, while data theft resulted in losses averaging £2 million.
Despite the growing threat, the adoption of basic cybersecurity measures remains low among UK businesses. The research shows that 61% of businesses use antivirus software, while only 55% have implemented network firewalls.
Barriers to improving cybersecurity include cost (26%), insufficient knowledge (26%), and a lack of internal IT resources (22%).
Howden’s analysis estimates that by adopting fundamental cybersecurity practices, UK businesses could reduce the cost of cyber-attacks by up to 75%, saving a potential ~£30 billion between 2019 and 2024. The average UK business could see savings of ~£3.5 million over ten years, representing a 25% return on investment in cybersecurity measures.
To encourage greater uptake of cybersecurity measures, businesses identified tax relief on cyber investments (33%) as the most effective policy intervention, followed by free access to cybersecurity expertise and resources (32%), compulsory minimum cyber standards (31%), and compulsory cyber insurance (26%).
Howden’s report highlights the critical role of collaboration between the insurance industry and government in improving awareness of cyber risks and promoting the adoption of effective security measures.
Sarah Neild (pictured above), head of UK cyber retail at Howden, stated that cybercrime is increasingly targeting vulnerabilities in businesses as reliance on technology grows.
She noted that UK businesses are losing substantial revenue to cyber-attacks and emphasised the insurance industry’s role in improving resilience through security advice and incident response services.
“Engagement with SMEs will be particularly important,” Neild said. “This segment has been historically underserved by the cyber insurance market yet forms an important backbone of economic activity, both in terms of its size but also as an engine of growth. Through increased insurance penetration and education about implementation, we can help businesses improve their cyber resilience and protect against loss of revenue from these attacks.”
What are your thoughts on this story? Please feel free to share your comments below.
