Four in 10 UK businesses hit by cyber attack or breach in last year
The number of businesses reporting a cybersecurity breach or attack in the last 12 months has fallen slightly compared with the previous year, according to British government figures.
The annual Cyber Security Breaches Survey found that 43% of businesses and 30% of charities had experienced a breach or attack in the last year, which for businesses was down from 50% last year.
The report said the decrease was down to fewer small businesses reporting attacks, but warned that the prevalence of breaches among medium and large businesses remained high.
According to the figures, the average cost of the most disruptive breach in the last 12 months was estimated at £1,600 ($2,000) for businesses and £3,240 for charities.
Cyber attacks on businesses and infrastructure have become increasingly common, and the Government has unveiled plans to introduce new legislation – the Cyber Security and Resilience Bill – designed to compel firms to beef up their cyber defences and better protect the UK from the growing threat.
Last year, the government also announced the designation of UK data centres as critical national infrastructure, meaning that in the event of a major incident, including a cyber attack, they will receive the same level of government support as utilities such as water and energy.
According to the Cyber Security Breaches Survey, the last 12 months have seen an improvement in good cyber hygiene practices among smaller businesses, with the uptake of cybersecurity risk assessments, cyber insurance, formal cybersecurity risk policy and continuity plans all reported as rising.
However, it said the number of high-income charities reporting good practices, such as carrying out risk assessments, had fallen.
The study said insights from charities suggest this could be linked to budget constraints.
The report said a formal cybersecurity strategy was found to be in place at 70% of large businesses, but only 57% of medium-sized firms.
Simon Whittaker, head of cybersecurity at IT firm Instil, said the UK needed updated cybersecurity laws to help better protect businesses from the 'relentless' attacks they faced.
Whittaker, who is a supporter of the CyberUp campaign, an industry coalition which is calling on the government to update existing cyber laws, said: 'Today's results paint a stark picture of the cyber threats facing UK organisations.
'Time and again, we see that businesses and charities are under relentless attack, but those on the front line of our digital defences are working with one hand tied behind their back by outdated legislation.
'The Computer Misuse Act 1990, drafted in a different era, is no longer fit for purpose.
'It risks criminalising the very professionals we rely on to detect, defend against and prevent these attacks.
'While other countries have moved with the times to empower their cybersecurity sectors, the UK is still relying on legislation written before smartphones, cloud computing or even the modern internet.
'The government has rightly prioritised cybersecurity with the first dedicated cyber Bill and a wider focus on technology adoption and the digital economy.
'However, these efforts risk being undermined by legal constraints on our cyber defenders if our laws do not catch up with the reality of today's threats.
'We urgently need a modern legal framework that protects the public and enables cybersecurity professionals to do their jobs.'
Cyber security minister Feryal Clark said: 'These figures show why we've put such a focus on making sure the UK has robust cyber security defences in place.
'Cyber attacks are disrupting our citizens, businesses and economy, and this year's survey puts the risks we face into sharp focus. While we are making progress, there's still more to do, and we all have a role to play.
'That's why in the last 10 days we've set out our plans for cyber security legislation and launched a suite of packages to support businesses in shoring up their defences – working to protect the public and the economic growth which is central to our Plan for Change.'