Cyber attacks are costing UK firms billions every year – ransom payments, staff overtime, and lost business are crippling victims

With more than half of firms hit by cyber attacks every year, one-in-eight victims enters administration

Cyber attacks are costing UK businesses £64 billion a year in ransom payments, staff overtime, lost business, and other associated costs.

Research from cybersecurity firm ESET shows that 53% of UK businesses have fallen victim to at least one attack over the last year, with 43% saying that it's had a long-term impact on business growth.

The three most common cyber attacks or breaches were phishing, experienced by nearly half of businesses; malware, which targeted more than a third; and attacks, or attempted attacks, against online bank accounts, which affected three-in-ten.

This is having a significant effect on the bottom line, the study noted. The most common direct cost was the extra staff time needed to deal with an attack, cited by nearly two-thirds of businesses.

Other direct costs included ransom payments, stolen or lost funds, legal and regulatory costs, disruption to operations, and the cost of bringing in third-party expertise along with higher cyber insurance premiums.

All in all, these direct costs added up to £37.3 billion, or 0.7% of overall business turnover. Notably, the indirect costs were almost as significant, at £26.7 billion or 0.5% of overall business turnover.

The biggest factor here was the need to increase cybersecurity budgets, with two-thirds of businesses identifying this as a major cost, and 28% deeming it extremely significant.

Other indirect costs included loss of clients, the cost of redirecting resources to incident response, and a loss of competitive advantage due to the theft of corporate intellectual property.

"The rising costs of cyber attacks – both direct and indirect – prove that no business can afford to overlook cybersecurity," said Jake Moore, global cybersecurity advisor at ESET.

"With growing public scrutiny on data protection and cybersecurity preparedness, businesses that fail to take proactive measures risk financial losses and long-term damage to trust and credibility."

Cyber attacks have huge long-term implications

ESET also specifically highlighted the long-term effects of cyber attacks. More than four-in-ten businesses reported restricted business growth and a similar number needed additional funding, the study found.

In some cases, the consequences were more severe, with 14% saying they'd been forced to downsize, 15% that they'd entered administration, and 16% that they'd undergone a merger or acquisition.

Small businesses suffered particularly from impacted growth rates, which affected 45%. Meanwhile, large enterprises were more likely to require additional financing to recover from an attack, a problem for 46%.

But despite 43% of businesses expecting an attack in the next 12 months, nearly half said they manage cybersecurity fully in-house, without external expertise, and 15% report having no cybersecurity budget at all.

Impact on UK regions differs greatly

On a regional basis, Southern England is facing the highest financial burden - £20.2 billion in direct costs and £15.5 billion in indirect costs - probably because of a concentration of high-value industries such as finance and technology, the study noted.

Meanwhile, the Midlands gets off the lightest financially, with £4.6 billion in direct costs and £2.6 billion per year.

"With over 50% of UK businesses experiencing a cyber attack in the past three years, it’s clear that no organization is immune. Businesses must shift from a reactive to a proactive cybersecurity strategy to stay ahead of evolving threats," said Matt Knell, UK MD of ESET.

"At ESET, we’ve found that organizations forced to make a reactive investment can spend more than 10 times as much as they would have spent on proactive measures when recovering from an attack."

Emma Woollacott

Emma Woollacott is a freelance journalist writing for publications including the BBC, Private Eye, Forbes, Raconteur and specialist technology titles.