Half of UK Businesses Fall Victim to Cyber Attacks in Past Year


A new UK government survey reveals a concerning landscape for business and charity cyber security. Half of businesses and a third of charities reported experiencing a cyber attack in the past year, with phishing scams – where fraudsters trick victims into revealing personal details or clicking malicious links – being the most common tactic.

There’s some positive news, however. Many organisations are fortifying their defences. Firewalls and strong password policies are the most commonly reported measures, offering a significant deterrent against a wide range of attacks.

The survey also identified that larger organisations are more likely to have formalised procedures in place, such as risk assessments, incident response plans, and staff training initiatives. Additionally, larger entities are more likely to possess cyber insurance for financial protection.

There’s a growing awareness of supply chain vulnerabilities, where an organisation is compromised through a weakness in a supplier. However, the survey revealed a lack of formalised procedures to address these risks, which can be highly disruptive.

Encouragingly, engagement with cyber security at board level appears to be on the rise, particularly within larger organisations. This suggests cyber security is being taken seriously at the highest levels.

The proportion of businesses and charities with a formal cyber security strategy has also risen since the previous survey. A formalised strategy equips organisations to identify and manage cyber security risks effectively.

However, a significant knowledge gap regarding government cyber security guidance was identified. This guidance offers valuable resources for organisations of all sizes, and it’s crucial for more entities to become aware of it.

Consultants remain the most popular source for external cyber security guidance, offering services like risk assessments, penetration testing, and staff training.

Concerningly, the survey revealed that only a minority of organisations possess a formal incident response plan, a critical document outlining how an organisation will respond to a cyber attack. Additionally, external reporting of cyber breaches remains uncommon, suggesting a significant number of attacks go unreported.

The survey highlights cyber security as a major concern for businesses and charities. While the survey acknowledges the steps many organisations are taking, there’s still room for improvement. Here are some key recommendations:

  • Implement formal cyber security procedures
  • Consider cyber insurance
  • Develop procedures to address supply chain vulnerabilities
  • Create a formal cyber security strategy
  • Invest in staff training
  • Develop an incident response plan
  • Familiarise yourself with government cyber security guidance

By taking these steps, organisations can significantly bolster their defences against the ever-growing threat of cyber attacks.

Full details can be found in the Government report.

