New research from ESET reveals that 53% of UK businesses have fallen victim to at least one attack in the past year, with 43% reporting long-term impact on business growth.
Cyberattacks cost UK businesses £64 billion annually, but many remain underprepared to mitigate the risk of attack, according to new research from cybersecurity provider, ESET. The findings underscore the urgent need for organisations to implement stronger cybersecurity measures, over half of surveyed businesses (53%) report falling victim to at least one attack or breach in the past three years.
The growing threat of attack methods like ransomware, phishing and supply chain attacks continues to impact businesses of all sizes, alongside increased exposure to international threats and the rise of Cybercrime-as-a-Service (CaaS).
The direct costs of cyberattacks account for £37.3 billion of this total cost (£13.1 billion in GVA terms) or 0.7% of business turnover:
Direct costs include ransom payments, stolen/lost funds, legal and regulatory costs, disruption to operations, staff time spent dealing with the attack, costs of third-party expertise and higher cyberinsurance premiums.
The most frequently cited significant direct cost was staff time spent dealing with an attack (63%).
The indirect costs of cyberattacks account for £26.7 billion (£9.0 billion in GVA terms) or 0.5% of business turnover:
Indirect costs include loss of clients, the opportunity cost of redirecting resources to incident response, reduced competitive advantage due to the theft of corporate intellectual property and the subsequent need for increased cybersecurity or IT budgets.
The most significant indirect financial burden was the need to increase cybersecurity budgets, with 66% of businesses identifying this as a major cost and 28% deeming it extremely significant.
Cyberattacks can also have long-lasting consequences, including restricted business growth (43%) and the need to secure additional funding (41%).
For some, the consequences were more severe, with reports of downsizing (14%), entering administration (15%) and undergoing a merger or acquisition (16%) following an attack. For SMEs, growth restrictions were particularly pronounced (45%), while large enterprises were more likely to require additional financing (46%) to recover from an attack.
Despite 43% of businesses bracing for an attack in the next 12 months, nearly half (45%) choose to manage cybersecurity fully in-house, without external expertise and 15% report having no cybersecurity budget at all.
Jake Moore, Global Cybersecurity Advisor at ESET, said: “The rising costs of cyberattacks – both direct and indirect – prove that no business can afford to overlook cybersecurity. With growing public scrutiny on data protection and cybersecurity preparedness, businesses that fail to take proactive measures risk financial losses and long-term damage to trust and credibility. Investing in expert-managed solutions, robust threat detection and staff training can significantly reduce long-term financial and operational risks. Cyber-resilience is no longer optional – it’s essential for safeguarding Business Continuity and maintaining customer confidence in an increasingly digital world.”
