A new report from Howden reveals that cyberattacks are becoming a growing threat for UK businesses, with 52% of companies reporting at least one incident over the past five years. The financial impact has been severe, with estimated losses totaling £44bn in revenue.
Larger firms, particularly those with annual revenues exceeding £100mn, face a higher risk. Nearly 74% of these companies reported cyberattacks during the survey period.
However, small and medium-sized enterprises SMEs are also vulnerable, with 49% of businesses generating between £2mn and £50mn experiencing cyber incidents.
Email compromise and data theft are the most common types of attacks. Businesses reported that these incidents cost them an average of £2.1mn and £2mn, respectively.
Despite the growing threat, many UK businesses remain behind in adopting basic cybersecurity measures. Only 61% of businesses have antivirus software in place, and just 55% use network firewalls.
The top barriers to improving cybersecurity include cost, lack of knowledge, and limited internal IT resources, each cited by 26% of respondents.
Howden suggests that implementing fundamental cybersecurity measures could reduce the cost of cyberattacks by around 75%, potentially saving businesses £30bn between 2019 and 2024. Over a decade, companies could achieve an average savings of £3.5mn, equating to a 25% return on investment.
UK businesses are currently losing a significant amount of revenue to cyberattacks, and the insurance industry is crucial to strengthening resilience and raising awareness of the security measures needed to help businesses protect their operations.
Sarah Neild, Howden UK Cyber Retail Head
“Engagement with SMEs will be particularly important. This segment has been historically underserved by the cyber insurance market yet forms an important backbone of economic activity, both in terms of its size but also as an engine of growth. Through increased insurance penetration and education about implementation, we can help businesses improve their cyber resilience and protect against loss of revenue from these attacks.”
Businesses are calling for more support to strengthen their cyber resilience. Proposed measures include tax relief on cybersecurity investments, free access to cybersecurity expertise, and the introduction of compulsory minimum cyber standards. Many also support mandatory cyber insurance as part of a broader policy initiative.
The findings are based on a survey conducted by YouGov in September 2024, involving 905 senior IT decision-makers from private sector firms across the UK.