Howden: How Cyber Attacks cost UK Companies $55bn in 5 Years
Across the globe, the West is grappling with an unprecedented wave of cyber-attacks, targeting everything from private businesses to critical infrastructure.
These attacks are becoming more sophisticated and more frequent, with both state-sponsored actors and cybercriminal groups intensifying their efforts.
While no country is immune, the scale and nature of these cyber incidents are not being distributed equitably.
The UK, in particular, is facing the brunt of this digital onslaught, with recent findings from insurer Howden highlighting how UK businesses have lost a staggering £44bn (US$55bn) in revenue over the past five years due to cyber-attacks.
A system under siege
According to Howden, UK businesses are losing an average of 1.9% of their revenue to cyber-attacks.
For larger companies, the situation is even more dire, with those making over £100m (US$126m) in revenue being more likely to fall victim to a cyber breach.
This level of financial impact is unsustainable for most organisations, particularly in a climate where businesses are already facing pressure from economic uncertainty.
The losses in revenue due to cyber-attacks are not only a reflection of the scale of the threat but also point to broader systemic issues in the UK's approach to cybersecurity.
The frequency of these breaches is also alarming: more than half (52%) of private sector firms reported at least one cyber-attack in the last five years.
This paints a picture of a nation ill-prepared to weather the growing storm of cyber threats.
The impact is compounded by the fact that many businesses are not adequately prepared to combat these attacks.
Less than two-thirds (61%) of businesses in the UK use anti-virus software, and even fewer (55%) have network firewalls in place.
This is in stark contrast to the growing sophistication of cybercriminals, who are exploiting these gaps with alarming success.
One of the most concerning findings is the rise in ransomware attacks, which have become increasingly destructive. In 2023, global ransomware attacks surged by 85%, with ransomware revenue exceeding US$1bn for the first time.
These attacks often go beyond financial extortion to include the theft of sensitive personal information or commercial data, making them more difficult to mitigate.
Geopolitics and cybersecurity
The geopolitical landscape is also playing a crucial role in shaping the cyber environment.
Howden’s report highlights that 90% of cyber-attacks recorded between April 2023 and March 2024 were politically motivated, underscoring the growing intersection between cybercrime and global politics.
Hostile governments, according to the report, are increasingly shielding criminal actors operating within their borders, allowing them to attack Western companies and infrastructure with near impunity.
This is particularly evident when examining the rise of cyber espionage as a service. As geopolitical rivalries intensify, the demand for cyber tools and services to carry out espionage has skyrocketed.
This growing market has led to the proliferation of cyber-criminal groups offering their expertise to the highest bidder, further complicating the landscape for businesses in the UK and beyond.
Equally, the emergence of Gen AI technology, while offering new possibilities for cybersecurity defence, is another double-edged sword being used in this geopolitical game.
As businesses adopt these tools at a rapid pace, they are simultaneously being outpaced by the technology's use by threat actors.
The speed at which malicious actors are harnessing the power of AI to carry out more sophisticated attacks is a significant concern.
Reforming the country’s cybersecurity
Despite recognition that the country's cyber posture is wanting, the current state of UK cybersecurity remains concerning.
"The state of cybersecurity in UK businesses is facing significant challenges," says Mark Coates, VP EMEA at Gigamon. "Most UK businesses are severely underprepared to effectively handle the rise in cyberattacks."
One of the biggest issues is that many UK businesses continue to rely on outdated and insufficient cybersecurity measures.
The fact that over 40% of companies are not using essential tools like anti-virus software and firewalls is a clear indication that the nation is not prepared to defend itself adequately against the increasingly sophisticated tactics used by cybercriminals.
The UK needs a far more robust approach to cybersecurity, one that involves stronger public-private partnerships, better education on digital threats, and more comprehensive government policies to protect critical infrastructure.
"Firstly, addressing the problem of legacy technology is crucial; modernising and securing outdated systems will help mitigate vulnerabilities and enhance resilience against sophisticated cyber threats," says Mark.
"Secondly, organisations must address the most common entry point to CNIs, which are their extended supply chains. When selecting suppliers and vetting third parties, it's important to assess not just the quality and price of services offered, but also the IT maturity of the supplier."
With the scale and complexity of cyber-attacks showing no signs of abating, the UK must urgently rethink its approach to cyber resilience. The cost of inaction is simply too high, both in terms of financial losses and national security risks.