Cybersecurity measures and preparedness
Nearly half (45%) of UK businesses manage cybersecurity fully in-house, while 42% adopt a hybrid model combining in-house and outsourced functions and only 13% fully outsource their cybersecurity functions. Cybersecurity readiness and certification levels are high, with 59% certified under Cyber Essentials or Cyber Essentials Plus and 46% meeting ISO cybersecurity standards; 85% of businesses also report a dedicated cybersecurity budget. Most UK businesses (77%) plan to increase their budget in the upcoming year. The primary drivers behind these increases include growing cyber risk concerns (69%), greater financial resources (46%) and recent cyber attacks (16%) influencing budget decisions.
Prevalence of cyber attacks
Cyber attacks remain a significant challenge for UK businesses, with 53% of UK businesses reporting an attack in the past three years. Looking ahead, 43% of respondents believe their organisation is likely to experience a cyber attack within the next year.
Cost of cyber attacks
Cyber attacks cost UK businesses an estimated £64 billion annually, with £37.3 billion in direct costs and £26.7 billion in indirect costs. Consumer-facing services face the highest absolute costs (£18.5 billion). On a regional basis, South England bears the highest financial burden (£35.7 billion), while the Midlands experiences the lowest (£7.2 billion). The most significant direct cost was the time spent by staff on dealing with such attacks, whereas the most significant indirect cost was the subsequent increase in cybersecurity budgets. Despite the cost, 93% of businesses experiencing attacks reported having sufficient reserves to cover the costs of the attack, with financial and insurance firms being the most prepared.
Impact of cybersecurity on turnover
The majority of businesses (53%) note that cybersecurity has a positive impact on turnover beyond just improving security. Cybersecurity investment boosts UK companies revenue by 0.5%, which translates to £27 billion. Key channels through which cybersecurity investment positively impacts growth included winning clients (70%) and IT system improvements (68%). The information and communication sector saw the highest positive impact, with an average impact on turnover amounting to 1.2%.