According to new data from business ISP Beaming, over 1.5 million UK firms were impacted by cybercrime last year, resulting in a total cost of more than £31.5bn ($40bn). This information was obtained through a poll of 500 business leaders about security breaches within their organizations in 2023. The costs associated with these incidents included data recovery, replacing IT assets and personnel, business interruption, lost business, and regulatory penalties.
By calculating median figures provided by respondents for each cybercrime and business size, Beaming was able to estimate the overall cost of breaches by multiplying them by the size of the business population based on government figures. The resulting report, titled “Price of Insecurity: The Cost of Business Cybercrime in 2023,” revealed a 138% surge in the total cost of breaches compared to 2019, when the estimate was £12.8bn.
The report also noted that more than a quarter (27%) of UK businesses fell victim to cybercrime in 2023, at an average cost of £5500 per incident. It further highlighted that cybercrime rates for the largest (250+ people) and smallest (one person) businesses actually declined, while increasing in all SME segments. Small businesses with 11-50 employees experienced the steepest rise in both victims (42%) and costs (396%) between 2019 and 2023.
Beaming’s managing director, Sonia Blizzard, emphasized that although large businesses are proving to be more resilient to cybercrime, the cost of breaches is still soaring, especially for SMEs. She pointed out that businesses are investing in training and technology to address cybersecurity threats, but they are still under sustained attack. Blizzard stressed the importance of maintaining investment in cybersecurity training as the use of technology continues to drive business growth.
The report also revealed that firms of all sizes have stepped up their cybersecurity investments, with many providing employee training and adopting tools like network perimeter firewalls, site-to-site VPNs, and unified threat management (UTM) devices. Despite these efforts, cyber-threats continue to pose a significant risk. Phishing was identified as the most common attack vector, with 679,000 victims reported, followed by malware with 426,000 victims, and insider threats with 412,000 victims. Additionally, business email compromise (BEC) and social engineering were identified as the most lucrative threat types for cybercriminals, followed by credential stuffing and ransomware.
In conclusion, the report from Beaming highlights the increasing threat of cybercrime to businesses in the UK, with significant financial implications. It underscores the need for continued investment in cybersecurity training and technology to mitigate these risks and protect organizations of all sizes from the growing impact of cyber threats.