While the reported incident rates may seem relatively low, the potential impact of cyber attacks on businesses—including financial losses, reputational damage, and regulatory penalties—underscores the need for proactive cyber security measures and vigilance in today's digital landscape.
The findings from the Azets Barometer January 2024 survey highlight a concerning ‘blind spot’ in the cyber security posture of UK businesses. Despite the increasing prevalence of cyber threats and attacks globally, only 1 in 5 businesses reported having suffered a cyber security incident in the past 12 months. This low incidence of reported incidents suggests that a significant portion of UK businesses may be unaware of or underestimating the cyber risks they face.
The survey indicates that 74% of UK respondents reported no cyber security incidents during the specified period. Additionally, 2% preferred not to disclose their experiences, and 5% were unsure if they had encountered any incidents, further underscoring the potential lack of awareness or transparency regarding cybersecurity issues.
Of the 20% of businesses that did report experiencing a cyber security incident, the majority claimed to have suffered only one incident (16%), while a smaller proportion admitted to experiencing multiple incidents (‘several’).
An interesting observation from the survey is the discrepancy in incident reporting between different sizes of businesses. Larger companies, particularly upper medium-sized businesses, exhibited a notably higher rate of reporting no cyber security incidents compared to the overall average. Among the highest revenue businesses, with incomes ranging between £50 million to £99.9 million, an overwhelming 90% reported no incidents—a figure exceeding the overall survey averages by 40%.
These findings suggest that while larger businesses may have more robust cyber security measures in place, they may also be more susceptible to underreporting or overlooking incidents due to potentially higher levels of investment in preventative measures. However, this could also indicate a false sense of security among larger organizations, leading them to underestimate their vulnerability to cyber threats.
“Based on the number of cyber attacks in total last year, it’s estimated that there are more than four cyber attacks against UK businesses every minute. This doesn’t reconcile with 74% of businesses claiming not to have suffered a single incident at all in the past 12 months,” says Paul Kelly, UK Head of Cyber Services at Azets.
“Even those reporting a single incident are likely to have been targeted more frequently than they realise. It only takes one successful attack to create serious problems.
“A lack of education or technical expertise around cyber security risk are often contributing factors to blind spots that leave businesses exposed to potentially catastrophic financial and reputational damage. This could impact not only their business but their customers, and their customer’s customers.”
There is evidence that businesses are looking to enhance cyber security measures, with strategic investment in cyber security scoring an average of 6.3 out of 10 (0=decrease significantly; 10=increase significantly), as respondents’ biggest priority for the next 12 months.
“Cyber security can be costly, but it should be viewed as an investment that will save your business significant amounts in the long-term by protecting against incidents against the backdrop of an ever-increasing threat landscape,” said Kelly.
The Azets Barometer provides insight into the current and future business climate through the perspective of ambitious mid-market, owner-managed, and family-owned businesses in the UK, Ireland, Norway, Finland, Sweden, and Denmark.
The January 2023 survey is the first in a new triannual series to identify trends relating to economic outlook, financial performance, and emerging threats and opportunities. It reveals cautious optimism among businesses, with an overall average score of 5.6 out of 10.
The UK’s economic outlook for the next 12 months scored of 5.1 out of 10, hinting at a cautious, wait-and-see approach towards prospects. Of the 323 UK respondents, 41% expressed moderate optimism with scores of 6 or above, contrasted with 35% who were more pessimistic, scoring 4 or lower, and 24% opting for a neutral score of 5. This places UK businesses as the least optimistic in the survey.
Economic (6.1 out of 10) and geopolitical (5.7) uncertainties are the highest concerns for among UK business owners, closely followed by talent recruitment and retention (5.2) and regulatory compliance (4.9).
