Almost a third of British firms hit by cyber-security attacks last year chose to ignore them.
Thirty-two per cent of UK companies said they took “no action” after an online security breach in 2019 despite this type of crime collectively costing British firms around $17bn, according to research gathered by LearnBonds.
Sixty-one per cent of large businesses identified cyber breaches over the last 12 months, although this figure falls to 32 per cent when the country’s medium-sized and small firms are taken into consideration.
UK travel money firm Travelex (pictured) has been offline for more than five days following a software virus attack on New Year’s Eve. The move also affected Sainsbury’s Bank, Barclays and HSBC, among others, which all use the Travelex platform.
Protecting customer data
The money firm said it was forced to take its site offline site to contain “the virus and protect data”.
The most common attacks are phishing breaches, where fraudsters send emails purporting to be from reputable companies in order to tempt firms to reveal sensitive information, such as passwords or credit card numbers. Criminals sending malware and ransomware attacks were also common.
The average cost of these attacks for large firms was £22,700, though when medium-sized and small firms are taken into consideration the mean costs falls to £9,470, according to data from Ipsos Mori for the Department for Digital, Culture, Media and Sport in November.
The department added that the “costs of cyber-security breaches can be substantial”, adding that “things like lost productivity or reputational damage – tend to be overlooked. This means that, when organisations reflect on their approaches to cyber-security, they may be undervaluing the true cost and impact of cyber-security breaches.”
An expert from antivirus website PreciseSecurity.com told us “UK firms still do not take cyberattacks as seriously as they should. Business ransomware and malware attacks cost firms $4b+ per year globally, yet so many firms ignore basic defenses against such attacks.
However, most firms do take various forms of action after an online security breach. Twenty per cent hired additional staff or boosted training, 17 per cent updated their firewalls, another 17 per cent boosted anti-virus software, nine per cent changed or created their online policies and five per cent hired cyber-security specialists or outsourced this part of their operation.
The number of online breaches has fallen over the last three years. Thirty-two per cent of firms said their security had been compromised last year, this rose to 43 per cent in 2018 and was higher still in 2017 when 46 per cent of business reported concerns.
The introduction of General Data Protection Regulation (GDPR) in May 2018 across the European Union, which toughened up citizens data privacy, could well have heightened the awareness of companies to online issues, according to the department.
It said the launch of GDPR may have meant firms “increased their planning and defences against cyber attacks since 2018”.
But the survey also added that the new regulations may have worked to dampened cyber-crime reports.
It said: “GDPR might have changed what businesses consider to be a breach, or led to some businesses becoming less willing to admit to having cyber-security breaches.