In this article we’re going to look at some interesting and current statistics on the state of UK cyber-security taken from a recent survey of over 1,000 senior IT decision-makers in the UK conducted online by Sapio Research in April and May 2021 and published by Keeper Security Inc. — the full report is available here.
The state of play
- 29% of employees didn’t know what Ransomware was prior to their employer being attacked.
- 34% of IT Administrators admitted to using the same password more than once at work.
- 32% of IT Administrators admitted that they use weak login credentials at work, such as “password” & “admin”.
- 28% of UK businesses said that IT was not currently in their top 3 priorities, while 44% said IT is their top priority.
What these statistics show us is that UK businesses are, overall, still not taking cyber-security seriously enough — something that inevitably leads to the following…
- 92% of UK organisations said that they had experienced a cyber-attack in the last 12 months while 72% were successfully breached, at least once.
- 42% of attacks were due to phishing emails.
- 21% of attacks were due to compromised passwords.
- 36% of IT administrators admitted that they had kept a successful cyber-attack to themselves.
Scary statistics given the scale of the cyber-security epidemic the World is facing right now.
It is also interesting to note that, despite the common perception, it is the SME-sized businesses that are the most common victims. This is most likely due to there being many businesses of this size operating, and the fact that companies of this size are less likely to employ cyber-security professionals (in-house or outsourced) or high-end protections than larger enterprise organisations.
Next up, we look at some of the results of recent, successful cyber-attacks in the UK.
The following statistics are taken from UK businesses that fell victim to a successful cyber-attack in the past 12 months.
- 41% of these companies lost over £50,000 due to the breach, while 8% of them lost over £1million.
- 34% of these businesses experienced severe disruption due to being unable to operate for a period following an attack.
- 64% of employees at these firms lost login credentials or documents because of the attack, while 77% said they were unable to access their business systems or network post-attack.
- 64% of these companies said the attack had a negative impact on their organisation’s reputation.
- 49% of employees at these businesses said their employers had paid the ransom, and of those 93% reported budgets had been cut in their departments post-payment.
- 87% of impacted companies enacted stricter security post-attack.
- 62% of impacted companies introduced multi-factor authentication (2FA) pst attack.
The opinions of IT professionals
The next batch of statistics relates to how IT administrators and decision-makers are feeling about the state of cyber-security at their organisations.
- 78% believe that UK businesses are not adequately prepared to deal with the barrage of cyberattacks they are exposed to daily.
- 23% believe that they do not have the right skills to protect themselves.
- 79% said that more needed to be done to educate employees on cyber-awareness, the importance of following cybersecurity best practices, and the consequences of not doing so.
- 47% said that they are worried about cyber-attacks becoming continually more sophisticated, while 27% said it is the rising frequency of attacks that is their biggest concern.
- 76% believe that there should be a member of their organisation’s Board that is responsible for IT security.
- 82% believe that employees should be required to complete a basic level of cyber-security training before they start.
- 91% think that businesses should be legally required to meet a basic cyber-security standard to be allowed to operate or trade.
A bleak picture, not unsurprisingly given that many UK businesses still don’t take the threats against them seriously enough to invest in protecting themselves against them.
It’s true that other World events have taken priority over the past 12 months, but now that things have begun to return to “normal”, it is also time for businesses of all sizes to make good cyber-security a fundamental part of how they operate as we head towards 2022.
Ready to take the first steps toward better cybersecurity?
If you’re ready for IT support and managed services that drastically reduce your cybersecurity risk, get in touch with Supreme Systems today.