UK Cyber Security and Cyber Crime Statistics
The UK is currently battling more cyber crime than ever before, as evidenced by the increasing number of cyber attacks and data breaches that have been taking place in recent years.
We have collated the most significant cyber security statistics in the UK from 2022 and made them available in a digestible and ‘take away’ format. All data is fully sourced and acknowledges the UK government’s role in making data publicly available through the National Cyber Strategy.
We will also explain exactly what the UK Government surveys and statistics mean alongside supplementary and verifiable 3rd party insight from reputable sources.
UK Cyber Security Statistics 2022 Full List
The subsequent list of UK cyber security statistics has been compiled from a number of surveys and studies performed by the UK government and renowned cybersecurity institutions including Kaspersky and Cyber Edge. (Sources listed at the end of this article).
- 39% of UK businesses experienced a cyber security incident. Of those, the most common threat was a phishing attempt (83%)
- Of the 39% of UK businesses experiencing a cyber security incident, 21% experienced a more sophisticated attack such as malware or ransomware attack.
- 31% of these businesses (and 26% of charities) estimate they were attacked at least once a week.
- 45% of businesses have seen an increase in cyber security incidents over the past year, with half of those experiencing at least one breach every month.
- 45% of UK businesses say that they have suffered a cyber security incident has had a negative impact on their ability to trade
- Nearly a quarter (24%) of businesses reported suffering business disruption as a result of the last cyber security incident they experienced in the UK
- In 2021 the average amount of time it took to identify a data breach in the UK was 181 days
- 22% of UK organisations have a formal cyber strategy
- Over 54% of organisations do not have a cyber security incident response plan in place
- 19% of UK businesses have a formal cyber security plan in place
- 32% of UK companies have done a cyber security risk assessment
- 16% of UK companies have carried out staff or awareness training
- 7% of UK companies have assessed risks presented by their wider supply chain
- 48% of UK businesses have sought external information on cyber security
- 43% of UK companies have some form of cyber insurance. 5% have a standalone cyber policy.
- 60% of large UK organisations use an outsourced cyber security provider
- 55% of medium UK organisations use an outsourced cyber security provider
- 58% of small UK organisations use an outsourced cyber security provider
- 6% of UK businesses has a Cyber Essentials certification
- 81% of UK companies state their board sees cyber security as a high priority
- 49% of boards discuss cyber security at least quarterly
- 33% of UK companies have a board member with responsibility for cyber security
- The average cost of a data breach is now £3.92 million
- More than two-thirds (68%) of UK charities have experienced a cyber security breach in the last 12 months
- UK company security budgets remained static at 13% in 2022
- Ransomware attacks impacted 73% of all UK organisations
- Around 11% of IT budgets are allocated to security and cyber security
- Around 80% of companies are looking to AI and machine learning in their security setup
- UK companies were able to stop 43% of ransomware attacks before data encryption
- Ransom demanded by hackers was paid by 13% of UK companies
- Ransomware attacks cost each company £880,000 on average in the UK
- 56% of UK companies have a policy to not pay a ransom in the event of a ransomware attack
- 77% of UK companies have cyber security insurance
- 8% of the UK population tried opening a phishing link in the last 12 months
- The UK has issued £52 million worth of GDPR fines to date
- The UK cyber security industry generated a record £10.1 billion in 2021
- Over £1 billion was raised in funding and investment by dedicated UK cyber security firms in the last 12 months, across 84 deals.
- There are around 300,000 individuals in the UK cyber security workforce, with a shortage of ~33,000
- There are 1,838 companies offering cyber security services and products in the UK
Data Sources
About the UK Cyber Security Statistics and Data
UK Government’s Cyber Security Breaches Survey 2022
The Cyber Security Breaches Survey is an official statistic. Since 2016, it has measured the policies and processes organisations have for cyber security, and the impact of breaches and attacks. This infographic shows the key findings for UK businesses.
A cyber-attack is a malicious and deliberate attempt by an individual or organisation to breach the information system of another individual or organisation. 38% of UK micro and small businesses identified a cyber- attack in the last 12 months, with 82% of these businesses reporting phishing attempts, and 25% identifying a more sophisticated attack type such as a denial of service, malware or ransomware attack.
The ability to detect and quickly respond to cyber breaches will help reduce the operational, financial and reputational damage. When experiencing a cyber breach, 84% of UK businesses would inform their board, and 73% would conduct an impact assessment.
However, only 18% of micro and small businesses have a written incident management plan, with qualitative findings suggesting an informal approach with reliance on internal expertise or external business partners such as IT providers.
Many cyber attackers exploit publicly disclosed vulnerabilities to gain access to systems and networks, and so regular updates are essential to guard against emerging vulnerabilities. 82% of UK businesses have up-to-date anti malware protection, and 38% have a policy for patch management. Additionally in the last 12 months; 34% of UK businesses have used security monitoring tools, 17% undertook a cyber vulnerability audit and 13% used threat intelligence.
UK Government’s Cyber Security Sectorial Analysis 2022 Report
The 2022 report by the UK government entitled Cyber Security Sectorial Analysis provides an analysis of the cyber security sector in the UK in 2022.
We extracted the key statistics from it’s findings and incorporated them into our full list of UK cyber security statistics. It found that 24% of businesses have experienced disruption due to cyber security-related incidents in the past year, and that most organizations have increased their cyber security budgets.
The report also discusses the growing demand for qualified professionals in the cyber security sector and the need for training programs that can produce an adequately skilled workforce.
The report emphasizes that understanding the latest advancements in cyber security is essential in order to protect businesses from disruptions. The findings of this report provide important insights for companies who are looking to invest in cyber security solutions and professionals to help protect their businesses from threats.