ALMOST HALF of UK businesses have suffered a cyber breach or attack in past 12 months, rising to two-thirds among medium-sized companies and large firms.
That's according to The Cyber Security Breaches Survey 2017, a report commissioned by the Department for Culture, Media and Sport (DCMS) as part of the government's National Cyber Security Programme.
The survey was run to help businesses understand what other similar organisations are doing to stay cyber secure and would help to support the government when it shapes future policy.
DCMS found that of those businesses that had detected breaches, over a third (37 per cent), reported being breached just once in the year, but the same proportion said they were breached at least once a month, and 13 per cent said it was daily.
In the last year, the average business identified 998 breaches, a figure that the government said was "pushed up" because of the minority of businesses that experience hundreds or thousands of attacks in this timeframe.
Among the 46 per cent of businesses that detected breaches in the last 12 months, the average faced costs of £1,570 as a result. This figure was a lot higher for the average large firm - at £19,600, while medium companies had an average cost of £3,070 and small firms had a similar cost to the overall average (£1,380).
DCMS said that despite the large number of breaches, external reporting about them remains uncommon. Only a quarter (26 per cent) reported their most disruptive breach externally to anyone other than a cyber security provider.
"The findings suggest that some businesses lack awareness of who to report to, why to report breaches, and what reporting achieves," the report reads.
58 per cent of businesses have sought information, advice or guidance on cyber security threats facing their organisations over the past year, according to the report.
External security or IT consultants (32 per cent) is the top specific source mentioned, followed by online searches (10 per cent). Only four per cent mention government or other public sector sources.
DCMS suggested that this reflected that awareness of the information and guidance offered by government remained relatively low. However, it said that of the small minority who did look at government advice, three quarters said they found the information useful.
DCMS released a Cyber Breaches Survey in 2016 too, and some of the findings this year were very similar. For example, the majority of businesses (67 per cent) had spent money on their cyber security, and this tended to be higher among medium-sized companies (87 per cent) and large firms (91 per cent).
John Madelin, CEO of IT security company Reliance acsn suggested that the most interesting finding was the lack of companies reporting data breaches externally.
"Under GDPR, businesses will have to notify authorities of a data breach within 72 hours and without undue delay," he said.
"With almost half of UK businesses suffering a cyberattack in the past 12 months, and larger firms suffering them on a monthly or daily basis, it's clear that businesses still are struggling with getting basic security right," he added. µ
And, er, not much else
To serve, protect, and get incredibly hot and dusty
Symantec links attack to prolific Lazarus hacking group
Chinese firms drive global smartphone growth in first quarter