- 88% of SMEs with £5m+ turnover victims of online cyber-attacks
- Less than half (43%) of firms have anti-virus software, with one in 10 having no security measures whatsoever
- Over a fifth (22%) of cyber-attacks result in ransoms being paid, while a quarter saw sensitive client information compromised
- Nearly a million British workers (3%) admit their misuse of company IT directly caused a cyber-attack
Almost nine in 10 UK businesses turning over more than £5 million annually have experienced a cyber-attack, according to new research from Forbes Advisor.
The study questioned senior decision makers across a range of UK small and medium-sized enterprises (SMEs), finding that more than half (57%) had suffered an online attack.
However, firms with an annual turnover in excess of £5 million were far more likely to experience cyber-crimes against their company (88%).
These attacks have led to serious consequences in many cases, with more than a fifth of cyber security breaches leading to businesses being forced to pay a ransom (22%).
Personal details are also under threat as these attacks compromised client and staff information in 26% and 23% of cases respectively.
Most likely outcome of a cyber attack | ||
Rank | Outcome | Percentage |
1 | Business had to shut down temporarily | 27% |
2 | Client information was compromised | 26% |
3 | Employee information was compromised | 23% |
4 | Business had to pay a ransom | 22% |
5 | Business lost money | 22% |
Source: Forbes Advisor |
Despite the regularity and severity of online assaults, many UK businesses aren’t taking measures to protect against them – the study found that just over one in 10 firms (11%) have no form of cyber security whatsoever.
Sole traders leave themselves particularly vulnerable as almost a quarter (24%) do not have any form of protection against hackers or malware. This is more than twice as many as the national average (11%).
Anti-virus software is the most popular method of defence, but only 43% of British companies have this in place. Other protective measures include firewalls (39%), cloud security (24%) and VPNs (24%).
The average spend on protective measures for businesses currently stands at £255 per month.
Misuse of company IT may be a contributing factor in some cyber-attacks, and further research reveals that nearly a million employees (3%) admit that their actions directly led to a security breach.
Respondents admitted to misusing their firms’ tech in a range of ways including accessing sensitive information on unsecure networks (5%), using their VPN to watch TV shows in other countries (4%), and surfing on ‘inappropriate websites’ (8%).
Top examples of misusing company IT | |
Rank | Outcome |
1 | Use the company printer for personal use |
2 | Use up space on a company device to store personal files |
3 | Apply for other jobs using a company device |
4 | Access inappropriate websites via a work device |
5 | Gaming on a company device |
Source: Forbes Advisor |
Of those admitting to using company devices to spend time on inappropriate sites, common destinations include the dark web and sites containing pornographic material (both 17%).
Kevin Pratt, financial expert at Forbes Advisor,says: “The nature of the modern workplace means more online devices are being used than ever. This inevitably means that there are more ways that a business could suffer a digital attack. Our research shows that cyber security issues are incredibly common in this country, particularly among firms with a turnover of £5 million or more.
“We’ve also found that a significant proportion of British businesses are without any form of protection against online assaults, and it’s important to address this shortfall by highlighting the consequences of a cyber attack, such as financial losses and breaches of sensitive information.
“Companies can take a number of measures to protect against cyber-attacks, including anti-virus software, firewalls and VPNs. Prevention really is better than cure”