Cyber crime cost UK businesses more than £30 billion in 2023, and small businesses were among the worst hit

Cyber crime concept art stock image showing an alert symbol in yellow on a red background
(Image credit: Getty Images)

Cyber crime cost UK businesses over £30.5 billion in 2023, according to new research, with more than a quarter of all firms across the country impacted by attacks. 

Analysis from internet service provider Beaming found small businesses were the hardest hit, with a 42% increase in the number of breaches since 2019, and a four-fold rise in the costs of cybercrime.

Overall, the total cost of cyber security breaches was 138% higher than Beaming’s £12.8 billion figure for 2019, when it last surveyed businesses about cyber crime.

The average cost of an incident, including expenses for replacing IT assets, recovering data and financial penalties, was £5,500.

"While large businesses are proving more resilient to cyber crime, the cost of being breached is soaring, and SMEs are being hit harder than ever before," said Sonia Blizzard, managing director at Beaming.

While the rates of cyber crime fell for businesses employing more than 250 people and for one-person businesses, they increased in all SME segments.

Small businesses employing between 11 and 50 people showed the steepest rise in victims, up 42% since 2019, with costs up 396%. More than eight-in-ten businesses with more than ten staff were hit.

Cyber crime rates were highest in Wales, Yorkshire and the Humber, and the South West of England, where the research found that more than half of businesses fell victim to cyber crime. The cost was highest in London, where firms lost a total of £7.1 billion due to incidents across the year.

Manufacturing and finance firms were the most frequently affected by cyber crime, the study found, with more than 85% experiencing breaches last year.

Phishing was the most common type of attack, claiming 679,000 businesses as victims in 2023. Meanwhile, malware claimed around 426,000 victims across the UK, at a cost of almost £2.6 billion.

There's been a rise in social engineering attacks, according to Beaming, up from 2% to 7%, with ransomware and DDoS attacks increasing from just 1% of the business population to 5% each.

412,000 businesses lost sensitive information or suffered other cyber security issues due to employees or contractors in 2023, costing an estimated £1.6 billion last year.

Cyber crime has an emotional impact

The study also looked at the emotional cost of breaches, with virtually all business leaders saying they suffered some form of emotional distress following an attack, and four-in-ten saying they were worried about losing customers.

Meanwhile, the study found that businesses of all sizes have increased cyber security investments, with most now providing cyber security training.

The adoption of sophisticated tools such as network perimeter firewalls, site-to-site VPN technology, and unified threat management devices has also accelerated.

"Businesses are investing in training and technology but they’re under sustained attack," Blizzard said. "So, as the use of technology helps businesses to grow, the investment in cyber security training also needs to be maintained."

Emma Woollacott

Emma Woollacott is a freelance journalist writing for publications including the BBC, Private Eye, Forbes, Raconteur and specialist technology titles.