Small and medium sized businesses (SMEs) in the UK have seen cyber resilience decline in the last year, according to new research from Censornet. Over half (51 percent) of SMEs believe their cyber security requires development to be future-proofed, up from 40.5 percent the previous year.
The new findings are taken from Censornet’s ‘Cyber Resilience Report 2023’ - an annual survey gathering insights from 200 UK-based IT and security leaders.
The research shows email attacks emerged as the top cyber security incident, with one in three organizations suffering a serious attack due to an employee opening a compromised email, up from 16 percent a year earlier.
This is likely to be due to the ability of SMEs to prevent email attacks - which is in decline. Just over one in three (37 percent) can block dangerous attachments from reaching the email inbox of users, a 14 percent decrease since last year. Only 29 percent of organizations can successfully quarantine suspicious or malicious emails, down from 34.5 percent a year earlier. In the public sector, these figures fall even lower to 33 percent and 23 percent respectively.
While email attacks are increasing, other types of cyber breaches and attacks are showing signs of falling. Only 17 percent of organizations suffered a ransomware attack, compared to 21 percent a year earlier. The average cost of a ransomware attack has also fallen by 37 percent from £144,000 to £91,000. However, the number of SMEs paying the ransom has jumped dramatically from 21 percent to 85 percent.
Less than a fifth (19 percent) of businesses suffered a significant outage lasting more than a day, down from 33 percent last year. While the number of SMEs experiencing data loss from a cyber attack fell from 30 percent to 26 percent.
The cost of cyber attacks also goes beyond the immediate cost of paying a ransom, leaving organizations facing reputational damage, poor moral and regulatory fines. Over a quarter (27 percent) of SMEs had a meaningful percentage of the workforce leave the company or change roles, 25 percent believe their customer service and support staff were negatively impacted, and 22 percent suffered damage to shareholder and customer confidence.
About the research
Censornet’s research was conducted in April 2023, surveying 200 IT decision makers at UK mid-market organizations. The online research explored the biggest attacks of 2022, the challenges facing SMBs and their plans for investment in 2023.