top of page

New report reveals the average annual cost of cybercrime for businesses is over £15K per victim

The 2023 Cyber Security Breaches Survey from the Department of Culture, Media and Sport has revealed that 59% of medium-sized businesses identified breaches or attacks in 2023, closely followed by 32% of SMEs identifying breaches or attacks.

  • The report findings show that cybercrime remains prevalent among larger organisations, with many smaller organisations still underreporting.

  • The average annual cybercrime cost for businesses is approximately £15,300 per victim.

The cost of living has pushed cyber security further down the priority list for businesses and charities

Three years after the COVID-19 pandemic, the financial repercussions are still being heavily felt for businesses and individuals. The economic climate is struggling, and this means that SMEs are face rising costs, high inflation, increased energy costs and overall economic uncertainty.

Unsurprisingly, but frighteningly this has led to cyber security falling down the priority list for micro businesses, SMEs and charities. Company directors and trustees in smaller businesses (and charities) are also unable to view cyber security as a high priority, which has seen poorer cyber hygiene measures in place amongst organisations.

The government encourages businesses, charities and educational institutions to follow the free help and guidance from the UK cyber security experts at the National Cyber Security Centre (NCSC) and the National Cyber Resilience Centre group.

Other key findings from the latest survey:

  • It's estimated that, across all UK businesses, there were approximately 2.39 million instances of cybercrime and approximately 49,000 instances of fraud due to cybercrime in the last 12 months.

  • Under four in ten businesses (37%) and a third of charities (33%) report being insured against cyber security risks – rising to 63% of medium businesses and 55% of large businesses (i.e., cyber insurance is more common in medium businesses than large ones).

  • Just over one in ten businesses say they review the risks posed by their immediate suppliers (13%, vs. 11% of charities). More medium businesses (27%) and large businesses (55%) review immediate supplier risks. The latter result is up from 44% of large businesses in 2022.

  • Formal incident response plans are not widespread (21% of businesses and 16% of charities have them). This rises to 47% of medium-sized businesses, 64% of large businesses and 38% of high-income charities.

How can The South East Cyber Resilience Centre help SME's to tackle the threat posed by cybercrime?

We provide many free resources designed to improve your #online security, from checklists to Incident Response templates, there's something for everyone. Get yours today and receive our FREE welcome pack here



bottom of page