Statistics on Data Breaches in the UK, 2021
Compromised cyber security can be detrimental to any business or organisation. In our digital age, with our ever-growing reliance on digital communication and services, protecting data effectively is more important than ever.
This importance was increased with the onset of the COVID-19 pandemic in 2020. This changed the way in which we all worked, with people working from home and businesses and companies operating remotely and almost exclusively online.
This resulted in new ways for criminals to target data and breach security, as the policies and precautions in place in the workplace may not be in place at home. In November 2020 the government launched the National Cyber Force (NCF) to counter the increasing issue of cyber crime and data breaches.
While the pandemic has subsided somewhat in late 2021, and many people are back to working in offices, a large number of workers have opted to stick with the work from home approach. This instils the need for companies to ensure all their workers, office based or remote, are aware of the threat of data breaches.
Considering this, here are some recent UK data breach statistics that outline how real the threat is and whether businesses are taking it seriously:
- 39% of businesses and 26% of charities reported having some kind of cyber security breach or attack (for businesses, this is down from 46% from last year, while charities’ results are unchanged)1
- 49% of businesses that reported a cyber breach or attack say this occurs at least once a month, while 27% experienced a breach or attack at least once a week 1
- 21% of businesses that reported a cyber breach or attack experienced a negative outcome (e.g. a loss of money or data)1
- The average cost of cyber security breaches for businesses is estimated to be £8,4601
- 83% of cyber breaches or attacks on businesses were phishing attacks - staff receiving fraudulent emails or being directed to fraudulent websites 1
- 52% of businesses and 47% of charities took some sort of action to identify cyber security risks, meaning 48% and 53% respectively took no action 1
- Only 12% of businesses have reviewed the cyber security risk of their immediate suppliers, with just 5% also reviewing their wider supply chain (this was 8% and 4% respectively for charities)1
- 43% of businesses are insured against cyber risks in some way, either with cover as part of a wider insurance policy (37%), or with a specific cyber security insurance policy (6%)1
- Just 14% of businesses had training or awareness raising sessions on cyber security1
- Of interest in light of the COVID-19 pandemic, only 23% of businesses have formal cyber security policy covering remote or mobile working1
- 50% of businesses undertook action on at least 5 steps of the government’s 10 Steps to Cyber Security guidance, while only 4% undertook action on all 10 steps1
- There were 2,090 COVID-19 related malicious files detected since October 2020. For reference, the most detections in this period was 1,112,539 in the US, with the second most being 799,860 in Spain2
- 35% of UK organisations said they had been hit by ransomware, just below the global average (37%)3
- The average cost for UK organisations to rectify the impacts of ransomware attacks was $1.96 million, just above the global average ($1.85 million)3
- New ransomware samples increased by 106% over the past year4
- 11.2% of UK businesses’ IT budgets were allocated to their information security. This is the third lowest of the 17 major countries surveyed, with businesses in Mexico allocating the highest percentage with 15.9%5, 6
Training Helps Ensure You Don’t Become a Statistic
Ensure your staff understand the importance of mitigating and preventing data breaches and the risks that data breaches pose by training them in managing personal data breaches. With the majority of breaches occurring as a result of human error, the need to provide adequate training has never been so important.
If you want to learn more about this data or more about data breaches then feel free to contact us.
(Government) Cyber Security Breaches Survey 2021: https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2021/cyber-security-breaches-survey-2021
McAfee tracking Covid related malicious files: https://www.mcafee.com/enterprise/en-gb/lp/covid-19-dashboard.html#overview
The State of Ransomware 2021: https://news.sophos.com/en-us/2021/04/27/the-state-of-ransomware-2021/
The Daily Swig Covid and Cyber: https://portswigger.net/daily-swig/the-age-of-covid-19-lockdowns-and-cybersecurity-12-months-on
Cyberthreat Defense Report: https://www.imperva.com/resources/resource-library/reports/2020-cyberthreat-defense-report/
Comparitech article: https://www.comparitech.com/blog/information-security/uk-cyber-security-statistics/