Recent research has exposed a concerning reality for businesses in the UK, with one in five reporting falling victim to cyber attacks or incidents. The study, conducted by Aviva, highlights that nearly one in 10 small businesses have experienced a cyber incident in the past year, emphasising the growing risk posed by cyber threats.
The figures escalate significantly for larger corporate entities, with 35% of them acknowledging the impact of cyber attacks, underscoring the increasing vulnerability across diverse sectors. This revelation comes at a critical time, as criminals often exploit opportunities in the lead-up to the festive season, making cybersecurity a pressing concern for both consumers and businesses alike.
The research indicates a shifting landscape where cyber incidents now outweigh physical theft, with businesses being 67% more likely to experience a cyber incident than a traditional theft, and almost five times as likely compared to a fire.
When dissecting the aftermath of a cyber attack, the study found that nearly a third of affected businesses suffered operational disruptions. Additionally, 21% experienced data loss and system lockdowns. Financially, the repercussions are significant, with businesses claiming an average of £21,000 per incident, according to Aviva data. However, costs can skyrocket into the tens or even hundreds of millions of pounds.
Despite the frequency of cyber incidents, there is a notable gap in cyber insurance coverage, particularly among small businesses. Less than one in five small businesses have a cyber insurance policy, and an equal proportion are unaware of the existence of cyber insurance. This lack of coverage not only increases the risk of further damage but also puts businesses at odds with personal data rules.
The research also sheds light on a concerning statistic: while approximately half of UK businesses express confidence in handling a cyber incident, one in five admit to lacking confidence in knowing how to respond. This vulnerability is more pronounced among small businesses, with over a quarter expressing uncertainty, raising concerns about compliance with data protection regulations.
Stephen Ridley, Head of Cyber at Aviva, emphasised the pervasive risk of cyber attacks across businesses of all sizes and sectors. He stressed the need for both preventive measures and protection, especially during the holiday season when phishing emails tend to surge. Ridley encouraged businesses, particularly small enterprises, to consider affordable cyber insurance options like Aviva’s Cyber Respond.
Detective Superintendent Ian Kirby, CEO of the National Cyber Resilience Centre Group (NCRCG), underscored the importance of robust cyber practices for businesses of all sizes. He urged immediate reporting of live cyber attacks to Action Fraud and encouraged small and medium-sized businesses to seek support from regional, police-led Cyber Resilience Centres for strengthening their cyber resilience.
In closing, the research emphasises the critical need for businesses to bolster their cybersecurity measures, adopt preventive strategies, and consider cyber insurance to mitigate the escalating risks posed by cyber threats.