Cyberattacks Drain $55 Billion from British Businesses Over 5 Years, Howden Reports

Cyberattacks have been a costly threat for British businesses, with a staggering total of £44 billion ($55 billion) in lost revenue over the past five years. According to a report by Howden, an insurance broker, more than half (52%) of UK private sector companies have experienced at least one cyberattack during this period, highlighting the growing prevalence and impact of cybercrime in today’s tech-driven world.

The Howden survey, which gathered insights from 905 UK private sector IT decision-makers, reveals that businesses are increasingly vulnerable to malicious online activity, with 1.9% of their annual revenue on average being lost due to cyberattacks. Companies with annual revenues exceeding £100 million are particularly susceptible, as they are most likely to be targeted by cybercriminals.

Why Cyberattacks Are on the Rise

Several factors are driving the rise of cyberattacks in the UK. Among the leading causes, compromised emails accounted for 20% of incidents, and data theft contributed to 18% of cases. These methods are not just highly effective for cybercriminals, but they also target businesses at their most vulnerable points—internal communications and critical data storage.

"The rise in cybercrime is no accident," said Sarah Neild, Head of UK Cyber Retail at Howden. "Malicious actors continue to exploit vulnerabilities in cybersecurity systems, particularly as businesses become more reliant on technology for their daily operations."

While these numbers are alarming, they also highlight an underlying problem: many companies are not investing enough in basic cybersecurity measures to safeguard themselves against these attacks. According to the report, only 61% of businesses are using antivirus software, and just 55% are utilizing network firewalls.

The Cybersecurity Gap in UK Businesses

One of the main challenges companies face in improving their cybersecurity defenses is cost. Implementing robust cybersecurity systems can be expensive, and for many smaller businesses, the investment in advanced tools like firewalls, anti-virus software, and encrypted communication channels may seem out of reach. However, as the recent findings suggest, the cost of failing to secure one’s business can far outweigh the price of prevention.

Additionally, many businesses lack the internal IT resources needed to maintain and monitor these systems effectively. This shortage of skilled IT professionals is contributing to a gap in the cybersecurity infrastructure of many organizations. Without adequate in-house expertise, businesses are often left exposed to risks that could have been avoided.

In response to these challenges, experts are urging companies to reconsider their approach to cybersecurity. "Investing in preventative measures, including employee training and external consultations, is essential for reducing exposure to cybercrime," Neild added. "With cybercriminals becoming increasingly sophisticated, businesses cannot afford to leave their systems unprotected."

The Costs of Cybercrime Extend Beyond Financial Losses

The financial impact of cyberattacks is only part of the story. Beyond the immediate loss of revenue, businesses often face long-term consequences that can affect their reputation, customer trust, and even their ability to operate. When a company’s sensitive data is stolen or compromised, it can lead to costly legal actions, regulatory fines, and a damaged public image. For many companies, the fallout from a cyberattack can be as devastating as the attack itself.

In some cases, the damage may even be irreversible. Customers and partners may decide to cut ties with a business that has been compromised, especially if sensitive personal or financial information has been exposed. For this reason, strengthening cybersecurity measures is not just a matter of protecting revenue but of safeguarding the future viability of the business itself.

How Companies Can Protect Themselves

There are several proactive steps businesses can take to protect themselves from cyberattacks. While no system can guarantee complete immunity from attacks, adopting a layered security approach can significantly reduce vulnerabilities:

  1. Invest in Antivirus Software and Firewalls
    Basic protections such as antivirus software and network firewalls can help defend against many common types of cyberattacks. Businesses should ensure these protections are regularly updated to guard against emerging threats.
  2. Educate Employees on Cybersecurity Best Practices
    Cyberattacks often begin with human error—such as clicking on a malicious link or falling for a phishing scam. Regular training sessions can help employees recognize potential threats and take appropriate precautions.
  3. Implement Strong Password Policies
    Weak or reused passwords remain a common entry point for cybercriminals. Encouraging employees to use strong, unique passwords for each account can greatly improve a business’s security posture.
  4. Regularly Back Up Important Data
    Backing up critical business data ensures that even in the event of an attack, a company can quickly recover without incurring major losses. Regular backups are a simple but effective way to mitigate the damage caused by ransomware or data theft.
  5. Consult with Cybersecurity Experts
    Many businesses, especially small to medium-sized enterprises, lack the internal resources needed to combat cybercrime effectively. Partnering with cybersecurity firms can provide the expertise and support necessary to develop and implement a strong security strategy.

Conclusion: A Call to Action

The Howden report paints a worrying picture of the state of cybersecurity within British businesses. With cyberattacks costing UK companies billions each year, it’s clear that many businesses need to do more to protect themselves against these threats. Cybersecurity is no longer optional—it is an essential investment for the survival and growth of businesses in an increasingly digital world.

As cybercrime continues to evolve and become more sophisticated, businesses must take proactive steps to secure their systems, protect sensitive data, and ensure that they have the resources and expertise needed to mitigate risks. With the right strategies in place, companies can reduce their exposure to cyber threats and avoid the financial and reputational costs of a data breach.