The UK Government’s Cyber Security Breaches Survey 2024 reveals that half of UK businesses and two-thirds of charities experienced cyber incidents or data breaches in the past year, marking an increase compared to the previous year’s figures. Large businesses were most affected, with 74% reporting breaches, followed by medium-sized (70%) and small businesses (58%). Phishing attacks were the primary cause of breaches, affecting 84% of businesses and 83% of charities.
Despite the high prevalence of cyber incidents, the survey indicates that the majority of affected organizations were able to restore operations within 24 hours. However, about 13% of businesses reported negative outcomes, including website slowdowns, loss of access to files, and monetary theft. Medium and large businesses were more likely to experience adverse effects, with 32% of them reporting at least one issue.
The financial costs associated with cyber incidents vary significantly across different business sizes. While the mean short-term direct cost per incident was £510 ($646) for all businesses, medium/large businesses incurred substantially higher costs (£4670 or $5923) compared to micro/small businesses (£330 or $418). Long-term costs, including software upgrades and legal fees, averaged £240 ($304) across all businesses, with medium/large businesses bearing the brunt at £3550 ($4503).
The survey also highlights areas of concern, such as limited focus on risk management and incident response. Only a small proportion of businesses review the risks posed by immediate suppliers, and fewer than a third have undertaken cybersecurity risk assessments in the past year. Additionally, external reporting of breaches remains uncommon, with only 34% of businesses sharing breach information outside their organization.