Cyberattacks led to £44 billion in damages in the last five years for UK businesses

Cyberattacks have cost British businesses around £44 billion, or approximately €52.7 billion, in the last five years. By implementing simple cybersecurity measures, companies could reduce the costs of cyberattacks by 75% or £30 billion, roughly €36 billion.

According to insurance broker Howden, over half of all companies in the United Kingdom’s private sector (52%) have suffered at least one cyberattack in the past five years, costing on average 1.9% of their revenue.

Enterprises with an annual turnover of over £100 million were the most targeted group. However, this doesn’t mean small and medium-sized enterprises (SMEs) are in the clear. Half of the SMEs with a revenue between £2 million and £50 million (49%) also became victims of a cyberattack at least once in the past five years.

The most common causes of cyberattacks in this period were business email compromise (20%) and data theft (18%), costing on average £2.1 million and £2 million respectively. Ransomware attacks accounted for £1.7 million in damages.

However, there is good news. By implementing basic cybersecurity measures, UK businesses could reduce their cyberattack costs up to 75%, or approximately £30 billion based on the last five years. At present, 61% of all UK enterprises are actively using antivirus software and 55% are employing network firewalls.

According to Howden, the most effective way of beefing up cybersecurity and improving cyber resilience within businesses is a tax relief on cyber investments (33%), free access to cyber expertise and resources (32%), compulsory minimum cyber standards (31%) and compulsory cyber insurance (26%).

“Cybercrime is on the rise, with malicious actors continuing to take advantage of cybersecurity vulnerabilities, particularly as firms become ever reliant on technology for their operations. UK businesses are currently losing a significant amount of revenue to cyberattacks, and the insurance industry is crucial to strengthening resilience and raising awareness of the security measures needed to help businesses protect their operations,” says Sarah Neild, Head of UK Cyber Retail.

In order to help SMEs and other businesses to improve their cyber resilience, Neild recommends that the insurance industry must work alongside the government to raise awareness of the growing severity and frequency of cyberattacks.