The government published its Cyber Security Breaches Survey 2022 in March. The report showed that, in the last 12 months, 39% of UK businesses identified a cyber-attack and suggested that many more organisations will have experienced attacks either without realising it or without reporting them.
Among those businesses identifying breaches or attacks, 49% reported incidents occurring once a month and 31% said they have experienced breaches or attacks at least once a week. The most reported cyber-attack was phishing (83%), and 20% of businesses had experienced a more sophisticated attack in the last year, such as a denial of service, malware, or ransomware attack.
Temporary loss of access to files or networks, disruption to websites, applications, or online services; and software being corrupted or damaged are the most reported outcomes of a cyber-attack. Viruses, ransomware, account takeovers, hacking attempts, and other unauthorised access were also reported. For businesses that reported breaches or attacks with a material outcome, losing either money or data, four in ten indicated it took a full working day or more to recover.
The published survey shows that cyber security is now seen as a high priority by a greater proportion of businesses than ever before. However, despite qualitative interviews revealing a good understanding at a senior level of the risks posed by cyber-attacks, only 43% of businesses reported having an insurance policy that covers cyber risks.
Most commonly, breaches or attacks lead to organisations having to take new measures to prevent or protect against future cases, or staff resources being redirected to deal with the breach.