Cyberattacks Cost UK Businesses $55 Billion Over 5 Years, New Research Shows

Latest research shows that UK businesses have lost over $55.08 billion to cybercrime over the last five years. Research from Howden shows that cyberattacks on UK businesses mostly target businesses whose annual revenue exceeds £100 million targets.

On average, UK business data breaches cause companies to lose 1.9% of their revenue according to Reuters, Howden’s UK Cyber threat statistics are based on a survey conducted in September 2024. The survey targeted 905 IT decision makers in the UK’s private sector.

Cyberattack Sources

Small and medium-sized businesses were not spared by cybercriminals. Howden’s research showed that 49% of businesses whose annual revenues range between £2m and £50m reported cyberattack incidents. Overall, 52% of businesses in the survey reported at least one cyberattack incident.

“Cybercrime is on the rise, with malicious actors continuing to take advantage of cybersecurity vulnerabilities, particularly as firms become ever more reliant on technology for their operations,” Howden’s Head of UK Cyber Retail, Sarah Neild said.

Howden’s report cites emails as the main source of UK cybersecurity threats. Compromised emails accounted for 20% of cyberattack incidents reported in the period under review. Data theft is the next common cause of cyberattacks representing 18% of reported cases. On average, the two sources cost UK companies an estimated £2.1m and £2m respectively.

Cybersecurity Measures

Despite the high cybercrime cost on UK businesses, most companies in the country are yet to adopt basic cybersecurity measures. According to Howden’ only 61% of the businesses that participated in the survey were using antivirus software while 55% were using network firewalls.

The low level of cybersecurity measures was attributed to the high cost, inadequate IT resources, and low awareness of cybersecurity practices among businesses. Howden’s cybersecurity report recommends embracing basic cybersecurity practices. By doing so, UK enterprises could reduce cyberattacks by about 75%. This action alone could save average businesses about £3.5m over a decade and yield a 25% return on investment.
Related News –

Policy Recommendations

UK businesses that participated in the Howden survey called for policy changes to facilitate tax relief for enterprises that make cybersecurity investments. They want the government to facilitate access to free cybersecurity resources and expertise for businesses. Businesses also proposed the introduction of mandatory minimum cyber insurance and standards.

“UK businesses are currently losing a significant amount of revenue to cyberattacks, and the insurance industry is crucial to strengthening resilience and raising awareness of the security measures needed to help businesses protect their operations. Through increased insurance penetration and education about implementation, we can help businesses improve their cyber resilience and protect against loss of revenue from these attacks,” Neild added.

Howden emphasized the need for engagement between small and medium-sized businesses and the UK government citing that historically, SMEs have been underserved by cyber insurance.