Large scale cyber security breaches make the headlines but about 70% of organisations are not reporting their worst security incidents- so what is making the news is just a small proportion of the breaches that are actually taking place.
Britain was being targeted by up to 1,000 cyber attacks every hour in 2014. The latest published figures in 2016 don’t even quantify the latest rates- except to say that 24% of ALL businesses they surveyed had had one or more cyber security breaches in the past 12 months.
For small organisations the worst breaches cost between £65,000 and £115,000 on average and for large organisations may run to many millions of pounds. These costs can occur as direct financial losses due to fraud or theft; the loss of productivity due to time spent recovering from the effects of a successful attack; or the lost of trust and reputation.
According to the latest report by the Office of National Statistics (ONS), there were 5.8 million incidents of cyber crime and fraud in the 12 months up to March 2016, affecting one in 10 people in England and Wales.
Just over half of the fraud incidents were cyber related, with 28% of these being non-investment fraud relating to online shopping or computer service calls. Some 68% of computer misuse crimes were related to malware and 32% were from unauthorised access to personal information including hacking.
However, the ONS cyber crime and fraud figures are an estimate, as specific questions relating to cyber crime were only added to the survey in October 2015 following a field trial.
According to the ONS, cyber crime now makes up 40% of all recorded criminal incidents.
The technical capabilities of cyber criminals continue to outpace the UK’s ability to deal with cyber threats.
For the majority of organisations, the main two lessons to take from these statistics are the rapid evolution of cyber crime, and the number of threats that any individual or organisation will face.
As a result investment tends to flow into areas where it will be most productive, and crime is no different. How safe do you think your organisation is?
The estimate of 1000 attacks per hour is based on the BIS Cyber curity Breaches Survey 2014. We took the number of organisations that reported that they were attacked ‘hundreds of times a day’ in different ways, and assumed that each of these responses were attacked a minimum of 100 times per day, we worked out that there were at least 24156 attacks per day across the 1098 organisations surveyed. Dividing this by 24 suggests that there are a minimum of 1000 attacks per hour.