The property sector is most at-risk for cyber attacks, new research by Hiscox shows.
The study found that cyber attacks have increased by 9% (from 44% in 2022, to 48% in 2023, with businesses experiencing a median annual loss of over £19,000 due to cyber-related incidents.
Now in its seventh year, the Cyber Readiness Report draws on a representative sample of more than 5,000 companies across eight countries by size and sector, to reflect the direct experience of businesses against the ever-evolving cyber threat.
Scores range from 7-70, with 7 being the lowest risk and 70 being the highest.
The risk score is based on how optimistic business leaders are about their ability to deal with future cyber attacks. It takes into account several factors, including the number and cost of cyber events faced by surveyed firms within each of the sectors.
| Ranking | UK business sector | Hiscox Cyber Risk Score |
| 1 | Property | 51 |
| 2 | Pharma and healthcare | 49 |
| 3 | Travel and leisure | 48 |
| =4 | Professional services | 45 |
| =4 | Food and drink | 45 |
| 5 | Construction | 44 |
| =6 | Government / non-profit | 41 |
| =6 | Manufacturing | 41 |
| =6 | Retail and wholesale | 41 |
| 7 | Energy | 40 |
| 8 | Financial services | 38 |
| 9 | Business services | 37 |
| 10 | Transport and distribution | 35 |
| 11 | Technology, media and telecommunications | 31 |
The research suggests that the property, pharma and healthcare, and travel and leisure sectors were the top three industries most at risk in the UK.
Property made a significant increase with a risk score of 38 last year, and 51 this year. The pharma and healthcare sector also had a higher risk score this year of 49, whereas last year it stood at 39.
Business services made the best improvements to their overall risk scores with 37 this year, down from 42 last year. Retail and wholesale, financial services, and technology, media and telecommunication also all improved their scores over the last 12 months.
Overall risk scores for organisations with 1-9 employees have increased from last year with an increased risk score of 9 points. In contrast, the risk score for organisations with over 1,000 employees has decreased slightly from 38 last year to 36 this year. This shows an improved ability to deal with potential cyber attacks among organisations of this size.
UK cyber threat statistics:
+ Almost half of the UK businesses surveyed (48%) reported experiencing at least one cyber attack in the last 12 months.
+ The number of cyber attacks experienced per company increased this year, with UK businesses experiencing a median of six cyber attacks across 12 months.
+ UK businesses experienced a median annual loss of over £19,000 due to cyber-related incidents. UK organisations with over 1,000 employees experienced the highest costs due to cyber attacks with a median cost of £71,692.50 over the last 12 months.
+ Almost half of UK businesses (46%) have a dedicated person or team responsible for cyber security, with over a third (37%) of businesses regularly discussing and evaluating their security. They have a median spend of 19% of their overall IT budget going towards cyber security.
+ The most common point of entry for cyber attacks in the UK is business email compromise.
+ Almost two-thirds (59%) of UK organisations agree that they are more vulnerable to cyber attacks due to employees working remotely.
Industry impact
- Organisations in the government and non-profit* sector experienced the most cyber attacks, with a median of 38 incidents over the last 12 months. This sector also experienced the highest financial costs of cyber attacks, with a median of almost £60,000 over 12 months.
- Almost half (46%) of businesses in the energy* sector and a third of those in financial services lost customers in the last 12 months due to cyber attacks. Almost three in 10 (27%) within the transport and distribution* sector had a greater difficulty attracting new customers because of this.
Of the cyber attacks UK organisations experienced over the last year, the most common outcome was a misuse of IT resource (29%). This was most heavily seen within the energy* sector with over half (54%) agreeing. This was also the most common response for medium businesses with 250-999 employees, with over two thirds (36%) giving the same answer.
As a result of cyber attacks over the last year, the most common result for businesses across the UK is that security and/or privacy are regularly evaluated and discussed (37%). Over half (55%) of government and non-profit* organisations say they have implemented additional cyber security and audit requirements. Businesses of 250-999 employees said that the highest impact was increased costs associated with notifying customers, with over two in five reporting this (43%).
Three in five UK organisations (59%) agreed that they were more vulnerable to cyber attacks because more employees were working remotely. The pharmaceutical and healthcare sector agreed with this the most, with almost three quarters (74%) reporting the same. Large organisations with over 1,000 employees also agreed, with almost three quarters (72%) stating their organisations were more vulnerable to cyber attacks for this reason.
Over the last year, UK organisations spent a median of £477,950 on their overall IT budget. Businesses with over 1,000 employees spent the most, with a median of £23,897,500. This spend was highest for the financial services sector, at £7,760,070.
Alana Muir, head of Cyber at Hiscox, commented: “Improving digital resilience is a never-ending task for businesses, and the difference in how sectors are able to cope with this is marked. The uptick in attacks witnessed in the UK over recent years is concerning but not surprising.
“Cyber criminals are fast learners and often succeed in keeping one step ahead of the companies they are targeting. It’s important that cyber security and privacy are regularly reviewed, and necessary protections are put in place across all industries, to minimise damage to businesses and customers.”
Comments are closed.