Cyberattacks cost UK businesses £44bn in past 5 years, according to research by Howden

According to research by Howden, an international insurance intermediary group, half (52%) of UK businesses suffered at least one cyberattack in the past five years, costing £44bn in revenue. The group emphasised that the insurance sector has a vital role to play in increasing business resilience, raising awareness of key operational security measures, and providing incident response services.

The research centred on the results of a proprietary survey of 905 senior IT decision makers from across the UK private sector, conducted by YouGov in September 2024, and explores respondents’ experience of, and attitude to, cybersecurity.

The results of the survey emphasise the significant and widespread threat of cyberattacks on UK businesses. Compromised emails (20%) and data theft (18%) were revealed to be leading causes of cyber-attacks, with the cost of these attacks costing an average of £2.1m and £2m respectively.

Whilst firms with an annual revenue of over £100m were most targeted, with 74% of respondents having experienced a cyberattack over the past five years, the level of threat was high across all firms; half (49%) of SMEs with a revenue of £2m to £50m also suffered a cyber-attack in the same period.

Despite the growing and substantial threat of cyberattacks and wide demographic affected, uptake of even basic cyber-security measures remains low, emphasising a significant gap in knowledge and growing vulnerability in UK firms.

Currently, only 61% of businesses actively use antivirus software, and only 55% employ network firewalls. Firms cite cost (26%), insufficient knowledge (26%) and lack of internal IT resource (22%) as barriers to strengthening cybersecurity.

Howden estimates that by implementing basic cybersecurity measures, UK firms could cut costs associated with cyberattacks by up to 75% (a total of £30bn from 2019-24), saving the average UK business £3.5m over ten years- equating to a 25% return on investment.

UK businesses suggested new policy measures such as tax relief on cyber investment (33%) would be the most effective way of improving cyber resilience within businesses, followed by free access to cyber expertise and resources (32%), compulsory minimum cyber standards (31%) and compulsory cyber insurance (26%).

Howden emphasised the importance of the insurance industry working alongside the UK government to raise awareness of the growing threat and frequency of cyberattacks, and that implementing cybersecurity measures can deliver return on investment.

Sarah Neild, Head of UK Cyber Retail at Howden commented:

“Cybercrime is on the rise, with malicious actors continuing to take advantage of cybersecurity vulnerabilities, particularly as firms become ever reliant on technology for their operations. UK businesses are currently losing a significant amount of revenue to cyberattacks, and the insurance industry is crucial to strengthening resilience and raising awareness of the security measures needed to help businesses protect their operations.

“Engagement with SMEs will be particularly important. This segment has been historically underserved by the cyber insurance market yet forms an important backbone of economic activity, both in terms of its size but also as an engine of growth. Through increased insurance penetration and education about implementation, we can help businesses improve their cyber resilience and protect against loss of revenue from these attacks.”

Howden’s study, therefore, reiterates the crucial role the insurance sector in increasing the cybersecurity resilience of UK businesses by offering advice and incident response services, and the importance of engaging with SMEs, specifically, to ensure this segment is adequately protected and can continue contributing to economic growth.

About the author

Rebecca recently joined us in 2024 as a Senior Content Writer and has experience researching and creating multimedia content. With a keen interest in current and emerging industry affairs, Rebecca responds through a critical lens and, by promoting thought and discussion, aims to increase awareness of UKGI’s work.

Get UKGI Insight In Your Inbox

Regular business news and commentary delivered direct to your inbox each week. Sign up here