Today: Jan 26, 2025

UK firms lose £44B to cyber attacks amid rising geopolitical tensions

UK businesses have lost £44 billion to cyber attacks in the past five years, with rising geopolitical tensions making the threat more urgent. Despite simple security fixes offering major savings, many firms remain unprepared, leaving critical infrastructure vulnerable.
A Man Sitting in the Dark | John Tekeridis
2 months ago

UK businesses have suffered an estimated losses of £44 billion over the past five years due to cyber attacks, according to a new report by international insurance intermediary Howden. One of the key finding is that with half of private sector companies hit by at least one attack, the major cause may be a lack of basic cyber security measures that leave businesses vulnerable.  The report’s release comes amid escalating geopolitical tensions, with UK officials warning of increased cyber threats linked to Russia’s ongoing conflict with Ukraine. As the digital battlefield heats up, the question isn’t if UK businesses will be targeted—but when and how prepared they are.

According to Howden’s report, 52% of UK businesses have fallen victim to cybercrime since 2019. Large companies earning over £100 million annually are the most frequent targets, with 74% reporting at least one attack. Small to medium enterprises (SMEs) aren’t far behind—49% have also suffered breaches.

Data theft and email compromises are among the most common types of attacks, with each incident costing businesses around £2 million on average. These aren’t just numbers; they represent real damage—lost revenue, tarnished reputations, and disrupted operations.

“UK businesses are currently losing a significant amount of revenue to cyber attacks,” said Sarah Neild, Head of UK Cyber Retail at Howden. “This underscores the urgent need for stronger defenses.” And yet, many businesses remain vulnerable due to a lack of basic protections.

The Cyber Security Breaches Survey 2024, highlights the pervasive threat of cyber attacks, with 50% of businesses and 32% of charities reporting incidents over the past year. Medium and large businesses, as well as high-income charities, are disproportionately affected, with phishing being the most prevalent attack type (84% of businesses and 83% of charities).

Source: Twenty Four-it

If the threat is so clear, the most pressing question is why aren’t more companies prepared? The answer lies in a mix of challenges. The report found that 61% of businesses use antivirus software, and just over half (55%) have network firewalls in place. That’s a good start—but it’s far from enough.

Barriers like cost, lack of expertise, and insufficient IT resources keep many companies from investing in cybersecurity. 26% of businesses cite high costs as a deterrent, while another 26% struggle with a lack of expertise. Meanwhile, 22% report they simply don’t have the internal resources to manage cybersecurity effectively.

And then there’s human error, which remains one of the weakest links. Misconfigured systems, phishing emails, and a lack of training continue to leave doors wide open for attackers. These mistakes are preventable—but only with the right focus and investment notes experts.

The irony is that many of these losses could be avoided with simple measures. Howden’s research shows that implementing basic cybersecurity protections could cut the costs of cyber attacks by as much as 75%. That’s a potential saving of £30 billion over five years.

For businesses, the math is straightforward. According to Howden, investing in basic defenses yields an average 25% return on investment, with companies standing to save around £3.5 million over a decade. In other words, spending on cybersecurity isn’t just about reducing risk—it’s also smart business.

Cyber threats are not static—they’re evolving. Take the rising risk of AI-powered attacks, which experts warn could amplify the scale and sophistication of cybercrime. At an upcoming NATO conference in London, UK officials are expected to spotlight these concerns. Pat McFadden, Chancellor of the Duchy of Lancaster, has already flagged the threat posed by Russian cyber activities and the weaponization of artificial intelligence.

“Russia’s hidden war extends far beyond Ukraine,” McFadden said, pointing to attacks on energy grids and other critical infrastructure across the West. The government is responding with initiatives like the £8.2 million Laboratory for AI Security Research (LASR), which will work with GCHQ to counteract emerging threats.

A stark warning from the Joint Committee on the National Security Strategy highlights the UK’s vulnerability to a crippling cyber-attack on its critical national infrastructure (CNI). These vital assets—spanning energy, water, transport, healthcare, and telecommunications—are essential to keeping society running, according to the National Cyber Security Centre (NCSC).

Recent incidents show just how real the threat is. Just this year, cybercriminals targeted Southern Water, exposing sensitive customer data, and a ransomware attack on the NHS delayed critical blood tests in South East London. In 2020, Redcar and Cleveland Council faced a devastating ransomware attack that locked them out of their systems for nearly three weeks, with repair costs estimated at £11m to £18m.

Another example is the Middlesbrough Council which has been targeted by a second distributed denial of service (DDoS) attack within days, the local authority announced on Monday, November 4. The BBC reports that the first attack occurred last Wednesday, followed by another on Sunday morning.

Although the council’s website experienced disruptions, operations resumed by Monday morning. Officials confirmed no services were affected and assured residents that no personal or council data was compromised. The attacks, claimed by pro-Russian hackers, are part of a series targeting UK councils, including Salford and Portsmouth. Middlesbrough Council said it was working with the National Cyber Security Centre to strengthen defenses against future threats.

Source: Twenty-four.it

Cyber attacks don’t just harm individual businesses—they’re a threat to the entire UK economy. As companies integrate more technology into their operations, their exposure to cyber risks will only increase.

But there’s hope, note Experts. By collaborating across sectors—businesses, government, and insurers—the UK can turn this crisis into an opportunity. Tax incentives, better awareness, and accessible resources can help level the playing field, especially for SMEs that often lack the resources of larger firms.

Still, the question remains: will businesses and policymakers act quickly enough? As cyber threats grow more sophisticated, the clock is ticking.

Fabrice Iranzi

Journalist and Project Leader at LionHerald, strong passion in tech and new ideas, serving Digital Company Builders in UK and beyond
E-mail: iranzi@lionherald.com

Leave a Reply

Your email address will not be published.