A decrease in the number of businesses identifying cybersecurity breaches could indicate that criminals are in fact carrying out hidden attacks.
According to a government report, the average cost to companies that have been hit in the last 12 months is estimated to be £8,460, according to the annual Cyber Security Breaches Survey.
Nearly four in 10 firms (39 per cent) reported incidents for the 2021 study, down from 46 per cent the previous year, while the figure for charities remained unchanged at 26 per cent.
Despite the seemingly positive outcome, organisations are finding it harder to monitor employees as they work from home during the pandemic, meaning companies may be less aware of the breaches and attacks their staff are facing.
Concerns around unidentified activity slipping through the net are backed up as other survey results show leaders have not ramped up cyber defences and upgrading devices remotely has become more difficult.
However, the report notes that reduced trading activity due to the pandemic may also be a contributing factor. One in five firms is also using unsupported versions of Windows on computers, posing a significant security risk.
One large organisation revealed that the pandemic meant it was unable to retrieve and upgrade around 70 laptops used by staff running Windows 7, an old operating system which stopped receiving extended support updates from Microsoft in January 2020.
The 2021 survey, carried out by Ipsos Mori for the Department for Digital, Culture, Media and Sport (DCMS), involved 1,419 UK businesses and 487 UK registered charities.
Of those that reported incidents, phishing attacks remain the most common and have risen from 72 per cent among companies in the 2017 survey to 83 per cent in 2021.
Viruses and other malware have fallen from 33 per cent to nine per cent, while ransomware dropped from 17 per cent to seven per cent.Temporary loss of access to files and disruption to websites are the most commonly reported outcomes, at eight per cent for businesses and six per cent for charities.
“The pandemic has taken an unavoidable toll on British businesses but we cannot let it disrupt our high cyber security standards”, Digital Infrastructure Minister Matt Warman said.
“With more people working remotely, it is vital firms have the right protections in place, and I urge all organisations to follow the National Cyber Security Centre’s expert guidance so we can build back better and drive a new era of digital growth.”
The importance of reporting security threats is a serious one. The government has confirmed that Russian state-sponsored hackers has penetrated the security of the UK energy grids – albeit without disrupting them – but despite these intrusions Ofgem has not received a single report from British energy firms.
Sky News reported that the high thresholds for companies in the gas and electricity industry to report hacks left it ignorant of how threats should be handled; one company had tried to file a report, but was dismissed due to the apparent insignificance of the event.
Additional reporting by Press Association