Cyber security breaches in 23/24

1. Incidence of Cyber Breaches and Attacks

Group

% Experienced Breach/Attack

All businesses

50%

All charities

32%

Medium businesses

70%

Large businesses

74%

High-income charities

66%

2. Types of Cyber Attacks Experienced

Attack Type

Businesses

Charities

Phishing

84%

83%

Impersonation

35%

37%

Viruses/Malware

17%

14%

3. Cost of Most Disruptive Cyber Attack

Group

Average Cost

All businesses

£1,205

Medium & large

£10,830

Charities

£460

4. Cyber Hygiene Measures Adoption (Businesses) 

Cyber Hygiene Measure

2023

2024

Up-to-date malware protection

76%

83%

Restricting admin rights

67%

73%

Network firewalls

66%

75%

Agreed phishing email processes

48%

54%

5. Cyber Security Risk Management Actions

Action

All Businesses

Charities

Medium Businesses

Large Businesses

Risk assessments

31%

26%

63%

72%

Security monitoring tools

33%

23%

63%

71%

Cyber insurance

43%

34%

62%

54%

Supplier risk review

11%

9%

28%

48%

6. Board Engagement in Cyber Security

Engagement Level

All Businesses

Charities (high income)

Medium Businesses

Large Businesses

High priority by senior management

75%

63%

93%

98%

Explicit cyber responsibility on board

30%

30%

51%

63%

Cyber strategy in place

47%

58%

66%

7. Awareness and Action on Cyber Essentials and Government Guidance

Standard/Guidance

All Businesses

Charities

Medium Businesses

Large Businesses

Awareness of “10 Steps”

13%

18%

37%

44%

Action on all 10 Steps

3%

3%

14%

27%

Action on 5+ Steps

39%

32%

80%

91%

Awareness of Cyber Essentials

12%

11%

43%

59%

Adhering to Cyber Essentials

3%

3%

-

-

8. Incident Response Preparedness

Preparedness Type

All Businesses

Charities

Medium Businesses

Large Businesses

Formal incident response plan

22%

19%

55%

73%

External reporting of major incidents

34%

37%

-

-