Phishing still a major issue for British businesses as new report names it the most common UK cybersecurity incident

Next story

A new study from ESET reveals the state of cybersecurity for UK businesses, highlighting the most common types of cyber incidents and the worst-hit sectors.

ESET, a global leader in cybersecurity, has conducted a study into the state of cybersecurity for businesses in the United Kingdom, analysing historic data to discover how the rates of cybersecurity incidents are changing. The analysis also looks to uncover which industries are targeted the most and which cyber incidents are most common amongst UK businesses. 

The research revealed that it's the media sector which has been hit the hardest by cybercrime with 39 reported incidents, followed by online technology and telecoms and retail and manufacture.

Out of all the incidents reported, phishing was by far the biggest incident type with 2,694 cases reported, which was 1,350 more than unauthorised access in second place.

The most common types of cybersecurity incidents since Q1 2019/20 

How have cybersecurity incidents increased?

Q2 of 2020/21 saw the highest number of cybersecurity incidents with 737, possibly due to people working online from home due to COVID restrictions and a number of experts reporting a 105% increase in ransomware attacks in 2021. 

The sectors with the highest proportion of cyber incidents

While it had a relatively low number of data security incidents overall, the Media sector had the highest share of cyber incidents.

Retail and Manufacture had the highest number of cyber incidents overall at 943, followed by General Business (858) and Finance, Insurance and Credit (788). Cybersecurity comes in all different forms, from a hacker simply guessing your passwords to your personal belongings such as a laptop or mobile phone being stolen, but which types of cybersecurity incidents are the most common?

When looking at cyber incidents overall, ‘Data emailed to incorrect recipient’ is the most common with 3,719 occurrences since Q1 of 2019/20. ‘Data posted or faxed to incorrect recipient’ and ‘Loss/theft of paperwork or data left in insecure location’ followed by 2,806 and 1,931  occurrences respectively. 

Jake Moore, Global Cybersecurity Advisor at ESET, commented on the findings: “Clever phishing attempts are increasing and can even deceive those who are aware of them. Reading something which applies pressure or urgency to verify or hand over information, can easily make people overlook the scam, which often shows no obvious or immediate clues. Verifying authentic emails has never been more important but remains your best bet in beating the fraudsters. Criminals continue to use emails as their number one attack vector of choice in the hope that they can install malware or take over email accounts, masquerading as someone known to the victim to siphon off sensitive information. Organisations must ensure they are prepared for phishing emails by having robust controls in place such as spam filters and multi-factor authentication, however, user awareness and training remain the best defence against these increasing attacks.”

Tips to tighten up your cybersecurity

1. Ensure your network is secure

Where possible, employees should be working on work-specific devices rather than personal ones, so that you can ensure that they’re all properly secure with all the right safeguards such as multi-factor authentication, VPNs and endpoint protection. 

2. Backup your data

If you’re not careful, then a cyberattack could lead to you losing important data for good, so it’s vital that data is backed up in case the worst should happen. However you choose to do it, whether via the cloud or a local storage device, data should be backed up frequently.

3. Educate staff

You can have all the best protection in place, but it’s also important that employees play their part in cybersecurity efforts and are clued up on the threats that they could face. Make sure that everyone is on the same page when it comes to best practices and the red flags to look out for in terms of scams and attacks.

4. Encrypt sensitive data

As well as backing up data, you should also encrypt anything that is particularly sensitive. Encryption essentially takes your data and makes it incomprehensible to anyone who may be able to access it, giving you an extra layer of protection.


All data is sourced from the ICO (Information Commissioner’s Office)’s data security incident trends and shows the number of reports of personal data breaches received by the ICO in the period from Q1 2019/20 to Q2 2021/22.

Cyber incidents are defined as those with a clear online or technological element that involves a third party with malicious intent.

About ESET
For more than 30 years, ESET® has been developing industry-leading IT security software and services to protect businesses, critical infrastructure and consumers worldwide from increasingly sophisticated digital threats. From endpoint and mobile security to endpoint detection and response, as well as encryption and multifactor authentication, ESET’s high-performing, easy-to-use solutions unobtrusively protect and monitor 24/7, updating defences in real time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company that enables the safe use of technology. This is backed by ESET’s R&D centres worldwide, working in support of our shared future. For more information, visit our website or follow us on LinkedIn, Facebook and Twitter.