2020 the busiest year on record for cyber attacks against UK firms

Unknown hacker on a computer in a dark room
(Image credit: Shutterstock)

Businesses faced a 20% rise in cyber security threats last year versus 2019, with the first COVID-19 lockdown in March serving as the catalyst for a year of increased efforts to infiltrate corporate networks.

Businesses in the UK each faced 686,961 attempts on average to breach their systems online in 2020, according to specialist internet service provider Beaming. This equates to an attempted attack every 46 seconds, with 2020 proving to be the busiest year on record for cyber attacks.

Last year’s threat landscape represents a 20% rise against comparable figures from 2019, when businesses each faced 576,575 attacks on average. This significant rise in attempted cyber attacks can be chiefly attributed to COVID-19, as well as the massive shift to remote working.

“The threat to UK businesses from hackers and other malicious elements online was magnified in 2020, as the volume of attacks continued to grow and the Internet became increasingly important to many more parts of the economy,” said the managing director of Beaming, Sonia Blizzard.

“We saw the best of the Internet in 2020 as businesses adapted to survive. Businesses need to do everything they can to increase their resilience to the growing threat posed by the very worst elements online.”

On several fronts, 2020 represented a much more perilous year for businesses based on various pieces of research.

SonicWall analysis published in July, for example, showed that ransomware attacks had increased by 20% in the first half of 2020. This was complemented with research from Check Point that showed attacks in the UK surged by 80% in the third quarter of the year, with Ryuk and Maze the two most common strains hitting UK organisations.

Another report, published in November, found that web application attacks were up a staggering 800% in the first half of 2020 compared to 2019.

In all cases, there was a consensus that the worsening threat landscape was attributable to COVID-19 - in particular, the shift to mass remote working necessitated as a result. Employees across the UK, at short notice, were being asked to work from home where they may be using their own devices, and where IT teams had little oversight.

One in ten cyber attacks received by UK companies in 2020 sought to gain control of devices connected to the internet of things, according to Beaming. Company file-sharing services, databases and web applications were also targeted more than 10,000 times each.

Whether working from home represents an inherent cyber security risk, however, has come under debate. While the mass shift deteriorated cyber resilience in the short term, many argue that principles such as Bring Your Own Device (BYOD) and hot-desking have been long-established in some businesses, which have worked to threat-proof these practices.

Nevertheless, Beaming’s research shows the volume of cyber attacks exploded in March, when COVID-19 forced companies to close their offices and ask employees to work remotely. This higher level was then sustained throughout the remainder of the year.

In terms of the origin of the cyber attacks, Beaming researchers found that the greatest threat came from China, with 189,695 unique IP addresses identified. This was followed by Taiwan, 88,221, Vietnam, 81,570, the USA, 79,019, and Brazil, 73,183.

Keumars Afifi-Sabet

Keumars Afifi-Sabet is a writer and editor that specialises in public sector, cyber security, and cloud computing. He first joined ITPro as a staff writer in April 2018 and eventually became its Features Editor. Although a regular contributor to other tech sites in the past, these days you will find Keumars on LiveScience, where he runs its Technology section.