Two-thirds of big British businesses have been attacked by hackers in the last year


Two-thirds of big British businesses have been hit with cyberattacks over the past year, according to a new UK Government report.

And 25% of these companies get breached at least once a month.

On Sunday, the government put out the Cyber Security Breaches Survey for 2016, a study written with research firm Ipsos Mori.

Complimentary Tech Event
Transform talent with learning that works
Capability development is critical for businesses who want to push the envelope of innovation.Discover how business leaders are strategizing around building talent capabilities and empowering employee transformation.Know More

It examines to what extent British businesses have been affected by cybercrime in the last 12 months, and how. And it turns out a lot of them have been, a lot.

The full report is embedded below if you want to read it, but here are some of the key figures:


  • 65% of large firms detected a breach/attack over the last year (when you include undetected attacks, that number will almost certainly be higher). 25% of these companies experienced breaches on a monthly basis.
  • Only 51% of companies have taken the government's "recommended actions" to reduce risk.
  • 68% of attacks are malware, spyware, and viruses - with 32% being more sophisticated impersonation-based attacks.

Larger companies are - perhaps predictably - targeted more often than smaller ones. Overall, 24% of British businesses have experienced "a cyber security breach or attack" in the last 12 months.

uk government businesses hacked breach 12 months 2016

UK Government

Here's a breakdown of the data showing the nature of the different attacks.

uk government businesses attacks hack breach types 2016

UK Government

Conservative minister Ed Vaizey, writing the foreword for the report, said: "When I speak to businesses it is clear awareness of the cyber threat is now very high. Everyone I talk to agrees the threat is significant and needs to be tackled, but there is a gap between awareness and action, which is highlighted in this report. We see a steady stream of breaches and attacks on firms which assume they are on top of security, but still haven't got a good understanding of the possible impact on their business or what they should do about it."


Here's the full report: