UK Cyber Security
A survey indicates that two-thirds of all UK big business have suffered cyberattacks during the past year, and many were preventable. Reuters

Threats from hackers to British businesses are only getting worse, with a survey now revealing that two-thirds thirds of all big businesses in the UK were breached at some point or the other in the past year. Overall, 24% of businesses in the UK were breached, mostly either medium or large firms.

The Cybersecurity Breaches Survey, undertaken by Ipsos Mori for the UK government, shows that the most common types of cybersecurity breaches were viruses, spyware or malware, and impersonation of the organisation. The survey commissioned by the Department for Culture, Media and Sport, as part of the National Cybersecurity Programme, found that only half of all firms surveyed had implemented basic security controls across five major areas laid out under the government-backed Cyber Essentials Scheme.

Those who did manage to detect the breaches in the past 12 months had to incur an average estimated cost of £3,480 ($5,020). The number for large firms was much higher at £36,500.

Digital Economy Minister Ed Vaizey termed the breaches worrisome and said: "The UK is a world-leading digital economy and this government has made cybersecurity a top priority. Too many firms are losing money, data and consumer confidence with the vast number of cyberattacks. It's absolutely crucial businesses are secure and can protect data."

The survey also reveals that seven out of 10 attacks on all of these firms could have been prevented. One of the reasons for this seems to stem from the fact that while 53% of all businesses in the country consider online services to be a core part of their offering, only a fifth of them have a clear view of the dangers of sharing information with third parties. Surprisingly, fewer (34%) have rules specifically catering to personal data encryption, which has been the chief cause of various high-profile cyber security breaches recently.

The research makes recommendations for improvement across all businesses and asks businesses to document and formalise their approaches towards such policies. Organisations also need to have basic user-access controls on devices within the organisation as well as those provided to employees from the company.

The survey shows that while medium and large businesses have more sophisticated approaches to such breaches, they are also the ones who are most vulnerable. To improve their defences, they need to implement stricter data encryption rules, offering training regarding such instances to staff and also use their market position to raise standards among smaller suppliers.

The survey was done mainly through telephonic interviews of 1,008 UK businesses (small, medium and large) from 30 November 2015 to 5 February 2016.