top of page
  • Writer's pictureJared Thompson

39% of Businesses Suffered Security Breaches in the last 12 months

The Government’s Cyber Security Breaches Survey suggests that fewer businesses are identifying breaches or attacks than in 2020 (when it was 46%), and the average annual cost for a business is £8,460 for lost data or assets after breaches.

Almost four in ten (39%) of UK firms reported that they experienced a cyber-attack or data breach in the last 12 months – up from 46% in 2019. This is one of the key findings in the UK Government’s annual Cyber Security Breaches Survey.

The study also found that, despite the decrease in such reports, 27% of businesses are attacked at least once weekly. But there has been an increase of 43% in the number of businesses that have taken up cyber insurance, up from 32% in 2020.

According to the survey, the number of medium (65%) and large (64%) businesses reporting breaches or attacks this year decreased from 2020, when 75% of large businesses identified breaches or attacks.

Cyber Security Breaches Survey stat 2021

Dealing with Covid-19

In response to the changing remote workforce and dealing with Covid-19, 47% of businesses have staff using personal devices for work. Only 18% of personal devices are covered by a cybersecurity policy for working.

There's still a lot of work for businesses to do coming out of the last 12 months; just 23% of businesses cover home working through a cybersecurity policy. Only 34% of businesses have staff who use a VPN whilst working from home.

Despite COVID-19, cybersecurity remains high on the agenda among management boards. 77% of businesses say that cybersecurity is a high priority for their directors or senior managers (vs. 69% in 2016).

With resources stretched during the last 12 months, fewer businesses report having up-to-date malware

protection (83% vs. 88% in 2020) and network firewalls (78% vs. 83% in 2020).

Only 34% have started managing the risk by completing a cyber risk assessment, and only 32% of businesses are monitoring user activity. Which is a decrease from 38% in 2020.

Reporting Incidents

In this year's survey, just 66% of businesses have a formalised incident response process, with 93% of businesses saying they informed their senior managers or directors of their most disruptive breach. Over one-third (36%) of businesses have taken no action since their most disruptive breach.

Cyber Security Breaches Survey

The study highlights that increased incidents have been offset by the improved response and stronger resilience, but businesses continue to suffer from phishing attacks. 83% of businesses have identified a phishing attack in the last 12 months (an increase from 72%), with 27% of businesses finding others impersonating their organisation in emails or online.

Among the businesses identifying any breaches or attacks, from 2017 to 2021, there has been a fall in viruses or other malware (from 33% to 9%) and a fall in ransomware (from 17% to 7%).

77% of respondents to the survey described cybersecurity as a high priority for their directors or senior management team, and 38% said they have board members with a security brief. There is still considerable work to be done with regard to other aspects of cybersecurity,

Just 6% of those surveyed said that they have a specific cyber insurance policy; 37% of businesses have cybersecurity cover as part of a wider insurance policy. 15% have cybersecurity vulnerability audits in the past year, 12% have reviewed supply chain risks posed by suppliers, and 31% have a business continuity plan that covers cybersecurity.

How can you improve your cyber resilience?

Unprepared staff are at a heightened risk of being unaware when working from home or starting a new job. It's important your staff are being trained in cybersecurity regularly; just 14% of businesses said they had trained staff on cybersecurity.

Cyber Security is more important than ever; growing numbers of people in your organisation are at risk from various threats that will disrupt, damage or even destroy your assets or the data that makes up your business.

There’s no technological fix for cybersecurity, and criminals are in a never-ending race to one-up each other. The best long-term, cost-effective answer for your business is to provide cybersecurity awareness training that develops and embeds a culture in your organisation.

The Cyber Resilience Centre can offer your staff security awareness training to provide simple and effective knowledge. Hence, your staff understand their environment and give them the confidence to challenge themselves when something doesn’t look right.

Ready to prepare your staff with security awareness training? Contact us today to learn more.


How can we support your business?

Phishing 292 x 219px.png

Raise your staff's awareness of phishing emails and guard your business against the growing trend of social-engineering threats.


Training your employees on what a phishing attack looks like makes them more likely to identify and report scams.

security awareness training.png

Our training package is designed and delivered by cyber experts giving you access to the most up-to-date information in an ever-changing cyber landscape.

You can purchase single-place training spots or a cyber security workshop.

Community Members

Our premium membership package is aimed at medium-sized businesses and includes bespoke security awareness training sessions.


This allows your business to train several cyber security champions and an assessment of your cyber risk. 

bottom of page