Philip Ingram MBE discusses the latest UK cybersecurity facts and statistics and offers some advice.
In an increasingly interconnected world, cyber-crime has become a pervasive threat that affects individuals and businesses alike. The United Kingdom (UK) is no exception, facing a range of cyber security challenges such as ransomware attacks, data breaches, and online fraud. As the reliance on internet-connected devices grows, it is crucial for individuals and organisations to be vigilant and take proactive measures to protect themselves. So, what are the latest facts and statistics on cyber-crime and cyber security in the UK?
The CyberEdge 2022 Cyberthreat Defence Report reveals that the UK is not immune to cyber-attacks, with “more than 80% of organisations experiencing a successful attack in the year 2021/2022.” This represents a significant increase compared to the previous year, indicating the growing prevalence and sophistication of cyber threats. While the UK ranks lower than countries like Colombia, Turkey, and Spain in terms of the proportion of organisations affected, the numbers underscore the urgent need for improved cyber security measures.
Ransomware attacks, a particularly destructive form of cyber-crime, have also seen a significant rise in the UK. The same report highlights that, “over a 12-month period, 73% of UK organisations were targeted by ransomware attacks. This places the UK just behind countries like South Africa, the USA, Singapore, and Saudi Arabia in terms of the prevalence of such attacks. The impact of ransomware attacks can be devastating, causing financial losses and reputational damage to organisations.”
Investing in cyber security is crucial for effective protection against cyber threats. However, the allocation of resources remains a challenge for organisations. The average UK organisation spends approximately 11.3% of its IT budget on security. While this is relatively low compared to countries like Brazil, it highlights the need for organisations to prioritise cyber security and allocate sufficient funds to ensure robust protection.
Despite the importance of cyber security, budgets have remained relatively flat in recent years. CyberEdge’s research indicates that security budgets in the UK remained at around 13% in 2022. While there was a slight increase from the previous year, organisations need to reassess their investment in cyber security to keep pace with evolving threats and ensure adequate protection.
In the face of rapidly evolving cyber threats, organisations are increasingly turning to advanced technologies to enhance their security measures. According to CyberEdge, “79% of UK organisations have a preference for security products involving artificial intelligence (AI) and machine learning.” While this represents a slight decrease from the previous year, it highlights the recognition of the potential of these technologies in identifying and mitigating cyber threats.
Ransomware attacks pose a significant threat to organisations, but proactive measures can significantly reduce their impact. According to the Sophos State of Ransomware Report 2022, “UK organisations have been successful in stopping 43% of ransomware attacks before data encryption.” This is above the global average and demonstrates the effectiveness of preventive measures. However, it is essential for organisations to continue investing in robust security measures and employee education to further improve their defences against ransomware attacks.
In the event of a successful ransomware attack, organisations face a difficult decision regarding whether to pay the ransom demanded by cyber criminals. In the UK, “approximately 13% of organisations ended up paying the ransom,” according to Sophos. While this is below the global average, it is important to note that paying the ransom does not guarantee the return of encrypted data. Organisations must carefully consider the potential consequences and explore alternative options such as data recovery and incident response strategies. In addition, organisations must consider if they are breaking any other laws by paying a ransom as it would be very easy to fall foul of international sanctions and even the Terrorism Act.
Ransomware attacks can have severe financial implications for organisations. Sophos’ State of Ransomware Report reveals that the average cost of ransomware attacks in the UK was just under £1 million. While this represents a decrease from the previous year, it is still a substantial amount that organisations must be prepared to invest in recovery efforts. The costs associated with ransomware attacks highlight the importance of implementing robust security measures and proactive incident response strategies.
With the increasing prevalence of cyber threats, organisations are turning to cyber insurance to mitigate financial risks. CyberEdge reports that “in the UK, 77% of organisations have cyber security insurance.” Cyber insurance is an area in which we are likely to see several developments as insurance companies develop their understanding of the risk.
In addition to ransomware attacks, the UK faces other cyber security challenges. The UK contributes “approximately 1.6% of the world’s spam,” according to the Securelist by Kaspersky Spam and Phishing report 2021, highlighting the need for robust email filtering and security measures. The same report states that “phishing attacks also remain a significant threat, with around 8% of UK users attempting to open phishing links.” It is crucial for individuals and organisations to remain vigilant and exercise caution when interacting with suspicious emails and links.
Another Kaspersky report, on stalkerware, stated: “Stalkerware, a form of malicious software used to monitor and track individuals, has also become a growing concern in the UK. The country reported 430 incidents of stalkerware, ranking third in Europe.” This highlights the need for individuals to secure their devices and employ security measures to protect their privacy and personal information.
The UK cyber security industry has experienced significant growth in recent years, reflecting the increasing demand for cyber security services. In 2020, there were 1,483 cyber security companies in the UK, a 21% increase compared to the previous year, according to Atlas VPN. The industry employs over 50,000 people, with a majority working for large organisations, according to an Ipsos Mori Cyber Security Sectoral Analysis report in 2022.
The same report highlights that “the total revenue generated by the industry surpassed £10 billion in 2021, demonstrating its economic significance.”
As cyber threats continue to evolve and grow in sophistication, the UK must remain vigilant and proactive in its approach to cyber security. Organisations should prioritise investments in robust security measures, employee training, and incident response capabilities. Collaboration among government agencies, businesses, and individuals is crucial to effectively combat cyber-crime and safeguard the UK’s digital landscape. A good starting point for a better understanding is the National Cyber Security Centre.