Hacked off: The rise of cybercrime in the UK

News of cyberattacks against businesses is now commonplace, with reports of breaches affecting businesses and organisations of all sizes surfacing almost weekly. In 2024 alone, reports have circulated about notable attacks targeting the NHS, Microsoft and a number of smaller businesses including law firms, education institutions and financial services firms; this highlights that no one is immune and everyone is at risk.
In 2024, the UK government reported that 50% of all UK businesses had experienced a cybersecurity breach or attack within the last 12 months. Prior to the war in Ukraine, the UK was the second-most targeted country for cyberattacks globally, just behind the US; it now ranks 8th, though the threat remains significant. Anne Keast-Butler, director of GCHQ, recently warned that China poses a genuine and increasing cyber risk to the UK. These remarks followed a series of alleged China-related espionage activities in the UK, including a suspected cyberattack that targeted the records of thousands of British military personnel.
The most common type of breach or attack is phishing (accounting for 85% of incidents), a deceptive method used to steal sensitive information, typically passwords or login credentials, by posing as a legitimate entity, often via email. This is followed, though far less frequently, by incidents where attackers impersonate organisations in emails or online channels (around 11% of total incidents), and then by viruses or other malware including ransomware (4% of incidents).
The impact of such attacks can be devastating, causing immediate disruption to business operations, affecting both staff and clients, whilst also severely harming a company’s bottom line and damaging its reputation. Additionally, under UK GDPR, a business could face substantial fines (up to £17.5 million or 4% of annual global turnover, whichever is higher) if found in violation of data protection laws, and could also be subject to civil claims from affected individuals.
Adding to the complexity, the rise of generative AI presents a further cybersecurity challenge for businesses. Reports have already emerged of criminals leveraging AI to craft convincing messages, deepfake videos, and audio to trick unsuspecting victims into mistakenly transferring large sums of money. AI presents both a significant challenge and a powerful tool in the cybersecurity landscape, as it can simplify entry for cybercriminals while simultaneously strengthening defensive strategies.
How can you protect your business from falling victim to these threats?
A number of basic practical tips can help businesses protect themselves from becoming the victim of a cyberattack, including:
- Conducting regular staff training on recognising phishing attacks, including phishing simulations and practical sessions.
- Implementing multi-factor authentication (MFA) across all devices and accounts, and educating staff on its proper use.
- Regularly updating and patching systems to close vulnerabilities.
- Implementing an effective incident reporting framework to quickly identify, contain, and report incidents to regulators or insurers as needed.
Written by
James Ricketts
James Ricketts is a Partner and Head of our Risk & Compliance team. He serves as the firm’s Money Laundering Reporting Officer and Data Privacy Manager.
