Cyberattacks surged over fivefold during the height of the pandemic, with large U.K. organisations each facing an average of 885 attempted cyberattacks in 2020 – up from 156 the previous year and more than triple the global average of 270 – according to new research from Accenture’s State of Cybersecurity Resilience 2021 study.
The research, which includes a survey of nearly 500 U.K. executives, finds large U.K. companies risk becoming overwhelmed by the cost of cybercrime, estimating that cyber incidents and breaches are costing them over £1.3 million a year – £350,000 more than the global average.
A quarter of these executives also report having to increase cybersecurity budgets by 10% or more to tackle growing threats and protect their data. Over 80% of organisations now say the cost of staying ahead of cybercriminals is unsustainable, a fifth more than the previous year.
The report also shows that organisations must look beyond their own cyber defences to their wider ecosystem to help stay secure. Indirect attacks through the supply chain accounted for 64% of U.K. cyber breaches, increasing by a quarter (26%) from the year prior.
“UK businesses are under siege. This past year they’ve not only had a global pandemic to cope with, but also an extraordinary increase in the number of cyberattacks they’ve had to defend against,” said Giovanni Cozzolino, Security Lead for Accenture in the U.K. “It’s clear that cybercriminals are taking full advantage of the overnight shift to home working and digital operations. Enterprises need to be on high alert. Whether sophisticated nation-state actors or run of the mill cybercriminals, adversaries are clearly getting more resourceful and launching attacks from every angle.”
However, there are signs U.K. businesses are improving their cyber defences. Despite soaring attempted attacks, the research found that U.K. organisations saw fewer successful breaches than the previous year – 17 compared to 30. This is also significantly lower than the global average of 29 successful breaches. There has also been an improvement in fixing breaches if they do occur – just 10% of U.K. organisations take longer than 30 days to remediate a successful attack, compared to 22% in the previous report.
Nonetheless, the findings suggest successful breaches are doing more damage and putting data at significant risk. Nearly half (49%) of executives at large U.K. businesses report that their organisation lost over 100,000 customer records over the course of last year, a worrying leap of 28% from the previous year.
Cozzolino added: “U.K. organisations have shown incredible strength and resilience despite the rising numbers of attempted attacks. But there is still a long way to go, as more customer data continues to be exposed and new threats emerge through complicated supply chains. Faced with high costs in a difficult economic environment, they must be smart with how they spend on security. Spending more without being closely aligned to the business doesn’t make your organisation safer. To achieve sustained cyber resilience, chief information security officers need to collaborate with the right executives in their organisation to understand where to prioritise.”