UK cyber security and cyber crime statistics

Cyber crime is impacting users across the globe. As individuals and businesses increasingly rely on internet-connected devices, malicious attackers continue to take advantage. Now, more than ever, we need to be on high alert. The UK is far from immune to the impacts of cyber crime and is feeling the effects of various threats such as ransomware attacks, data breaches, and online fraud. In November 2020, the UK government launched a new National Cyber Force (NCF) to tackle the growing problem of cyber crime.

Below, we paint a picture of the UK cyber crime and cyber security landscape with the latest facts and statistics.

1. More than 80% of UK organizations experienced a successful attack in 2020/2021

The CyberEdge 2020 Cyberthreat Defense Report (CDR) provides a breadth of insight into cyber security in countries all over the world. It found that in the UK, 82.3 percent of organizations had experienced a cyber attack in the year prior to the study. While this sounds high, the UK was far from the worst-hit country with Mexico (93.9 percent), Spain (87.5 percent), and Italy (85.7 percent) all seeing a higher portion of organizations deal with attacks.

2. Over a 12-month period, ransomware attacks affected 55% of UK organizations

CyberEdge also investigated the rate at which companies were hit with ransomware attacks. More than half of UK organizations dealt with a ransomware attack, which puts it in the bottom six with South Africa, Australia, Spain, Brazil, and Japan. The hardest hit was China where 76 percent of companies experienced a ransomware attack over the 12 months prior to the study.

3. 11.2% of UK IT budgets are spent on security

The average security spend as a percentage of a company’s IT budget ranged from 10.6 percent in Japan and France to 15.9 percent in Mexico. UK firms had the third-lowest spend at just over 11 percent of their respective IT budgets.

Budget spend chart.
Source: CyberEdge

4. Security budgets rose by an average of 4.9% in 2020

While UK companies are lagging with their security budgets, those budgets are increasing. CyberEdge found that budgets went up almost 5 percent in 2020, which was about average compared to other countries in the study.

5. Around 83% of UK organizations favor security products involving AI and machine learning

One more interesting area CyberEdge studied was how drawn companies are to the use of advanced technologies such as AI and machine learning in security products. It found that roughly 82.8 percent of British firms had a moderate or strong preference for these types of products. The UK was roughly in the middle of the pack with Turkey (100 percent) topping the list and Australia (72 percent) taking the bottom spot.

6. Around one in five ransomware attacks in the UK were stopped prior to data encryption

The Sophos State of Ransomware Report 2020 delves into ransomware statistics specifically and found that, in the UK, organizations managed to block 22 percent of ransomware attacks before data was encrypted. This was just below the global average of 24 percent. To put things in perspective, Turkish businesses stopped 51 percent of attacks while those in Spain blocked 44 percent.

7. 13% of UK organizations ended up paying the ransom

For attacks that were successful, around 13 percent of UK companies went ahead and paid the ransom demanded by cyber criminals. This was well below the global average of 26 percent and far lower than the top payers. In India, 66 percent of organizations paid while in Sweden, the figure was 50 percent, and in the Philippines, 32 percent.

8. The average cost of ransomware attacks in the UK was around $840,000

While only a small portion of companies paid the ransom, these types of attacks can still be very expensive to fix. Indeed, Sophos found that the average cost for UK organizations was $839,796.42. This put the UK in the top eight countries for ransomware remediation costs. Sweden and Japan headed the list with average costs of $2.75 million and $2.19 million respectively.

Chart showing average costs.
Source: Sophos

9. 88% of UK organizations have cyber security insurance

Cyber insurance is a hot topic these days and an increasing number of companies are rolling it into their policies. Some 88 percent of UK organizations have cyber insurance, putting the country in eighth place on this list. 70 percent of those with cyber insurance have ransomware protection included, which is above average.

10. Around 1% of spam originates in the UK

A Kaspersky study determined how much spam originates in various regions around the globe. The top offenders were Russia (21.27 percent), Germany (10.97 percent), and the United States (10.47 percent). The UK wasn’t without fault, however, and contributed 1.04 percent of the world’s spam.

A spam source map.
Source: Kaspersky

11. Around 10% of people tried to open a phishing link in 2020

Another area of the Kaspersky study looks at how many users in a region have attempted to open phishing links in 2020. Brazil had the worst figures in this regard, with 19.94 percent of users trying to open phishing links. The UK saw roughly half this figure at 9.75 percent. Other regions with higher figures included Cameroon (17.32 percent), France (17.9 percent), and Australia (16.59 percent).

12. 1.2% of scam websites have a .co.uk domain

The largest portion of scam websites predictably have .com domains. However, according to Kaspersky’s figures, these only account for around a quarter of scam websites. Other popular extensions are .ru (2.12 percent), .com.br (1.31 percent), and .de (1.23 percent). The UK extension .co.uk comes in fifth place accounting for 1.20 percent of all scam sites.

13. Around 6,000 COVID-19 related malicious files have been detected since May 2020

Just a couple of months into the pandemic, McAfee started tracking COVID-19 related malicious file detections in countries around the world. UK residents and businesses seem to have gotten off lightly with just 6,000 detections over the two-year period. In contrast, the US has seen almost 2.6 million detections and Spain has registered more than 2.1 million.

The McAfee map.
Source: McAfee

14. The UK is 8th out of 75 for cyber security

Based on a recent Comparitech study, the UK earned a firm top-ten position compared to 74 other countries around the world. We analyzed the cyber health of these regions based on a range of factors including how many users in the country experience different types of cyber attacks and how many attacks originate in each country. The UK did well to rank in eighth place, behind several other European countries. Denmark took the top spot followed by Sweden, Ireland, Norway, Finland, the Netherlands, and Austria.

15. The UK has issued €44 million worth of GDPR fines

The DLA Piper Data Breach Report 2021 offers insight into the General Data Protection Regulation (GDPR) fines that have been issued since the regulation was first introduced in 2018. The United Kingdom has issued €44,221,000 worth of fines during that time. While this is high, Italy, Germany, and France all have higher totals.

16. The fourth and fifth largest fines were issued in the UK

DLA Piper also reveals where the largest single fines were issued. France, Germany, and Italy saw the largest three fines, but the fourth and fifth largest were issued in the UK. A €22.2 million fine was issued to British Airways and a €20.6 million fine was handed to Marriott International.

17. Four GDPR fines have been issued in the UK

While the UK has one of the highest fine totals, it has only issued four fines (that have been made public). This is in stark contrast to Spain where over 200 fines have been issued.

UK fines.
Source: Enforcement Tracker

18. The average cost of a data breach in 2020 was almost $4 million

IBM’s Cost of a Data Breach Report 2020 looks at various statistics surrounding data breaches, including company response times and costs incurred. The average cost of a breach for UK firms in 2020 was $3.9 million. This was just above the global average of $3.86 million. Regions where companies lost big to breaches included the US ($8.64 million), the Middle East ($6.52 million), and Canada ($4.5 million). Breach costs increased for UK firms by 4.3 percent compared to 2019.

19. Most UK breaches are malicious in nature

IBM investigated the root cause of breaches and found that 53 percent of UK breaches were malicious in nature. 23 percent were caused by system glitches and 25 percent by human error. These patterns were fairly similar across the board with the Middle East seeing the highest portion of malicious attacks (59 percent) and Canada the lowest (42 percent).

20. The average time to identify a UK data breach is 181 days

A key factor in determining the damage caused by a data breach is how long it takes a company to remediate an incident. In the UK, organizations took an average of 181 days to identify the fact that a breach had occurred, and a further 75 days to contain the incident. With a total of 256 days for identification and containment, the UK was fifth fastest to respond, behind Germany, Canada, South Africa, and the US.

21. The UK was among the top 10 countries most affected by stalkerware

The Kaspersky State of Stalkerware 2021 report examined how often this type of malware affects users in various parts of the globe. The UK had the third-highest number of cases of stalkerware in Europe, with 1,009 reported incidents. Germany had 1,547 and Italy 1,144. Elsewhere in the world, Russia was the hardest hit with 12,389 incidents, followed by Brazil (6,523) and the US (4,745).

22. The number of cyber security companies grew 21% in 2020

A study by Atlas VPN found that the UK cyber security industry comprised 1,483 companies in 2020. This was up 21 percent over 2019. In 2017, there were just 846 cyber security companies, meaning the industry has grown 85 percent in three years.

Most firms (840) are considered micro in size, with fewer than 10 employees. 327 are small firms with 10–49 employees, 172 are medium-sized (50–249 employees), and 144 are large (250 or more employees).

The number of UK cyber firms by year.
Source: Atlas VPN

23. The UK cyber security industry employs almost 50,000 people

A report by Ipsos MORI tells us that 46,683 people are employed in cyber security roles. This represents an increase of nine percent compared to 2019. 65 percent of employees work for large organizations (those with 250 employees or more).

24. Total revenue in the UK cyber security industry was almost £9 billion

Ipsos MORI also reported on the total revenue of the cyber security industry in the UK. It estimated that organizations took in a total of nearly £8.9 billion in 2020. This represented a seven percent increase compared to the 2019 figure of £8.3 billion.

25. The average salary for a cyber security job in the UK is £62,500

CW Jobs tells us the average salary for various types of jobs in the UK. From a sample size of 531 jobs, it determined that the average salary for a cyber security role is £62,500. As expected, salary ranges depend heavily on location. At the higher end you have Bracknell with an average salary of £82,500 and range of £77,500–£87,500. At the lower end is Manchester where the average salary is £47,500 and the range is £42,500–£52,500.

26. There were over 300,000 reports of fraud and cyber crime in the UK in 2020

The NFIB Fraud and Cyber Crime Dashboard shows up-to-date data regarding various types of cyber crime. In 2020, there were 333,829 reports. However, the database only has records from late February, so the real number of reports was likely quite a bit higher. 91 percent of those reports came from individuals and nine percent from businesses. So far in 2021, there have been 137,309 reports.

27. 2020 losses to fraud and cyber crime in the UK totalled almost £2 billion

The NFIB also tracked losses resulting from these reports and found that cyber crime cost £1.9 billion in 2020. The figure so far in 2021 is £620.4 million.

The number of reports and total losses.
Source: NFIB

28. Online shopping and auctions accounted for a huge number of reports

Of the NFIB reports in 2021, around 28,000 (20 percent) have been related to online shopping and auctions. The figure in 2020 was 80,500 (24 percent of all reports). However, losses seemed to be more heavily weighted toward reports involving cheques, plastic cards, and online bank accounts. In 2020, £148.9 million in losses was associated with 23,100 reports.

29. Those aged 20 to 29 are the largest target for cyber crime

The NFIB even homes in on the age of victims of fraud and cyber crime. The hardest hit seemed to be those in the 20–29 age group. The likelihood of attacks appeared to decrease slightly as age increased. However, there are a lot of factors that could have skewed this data, including the frequency of use of digital technology and the likelihood of victims in certain age groups to report crimes.

30. There were almost 12,000 reports of email and social media hacking in 2020

When we filter out fraud from the data and look at other types of cyber crime, social media and email hacking emerges as a top threat. There were 11,985 such cases in 2020, resulting in £2.6 million in losses.
