While large firms are the most likely to suffer an attack – around 12 per year on average according to the study – small and medium firms are also being targeted. Medium-sized firms experience an average of six attacks a year, while around 42% of micro and small businesses suffered at least one attack in the last 12 months.
The government said the most common breaches or attacks were via fraudulent emails which might aim to coax employees into revealing passwords or financial information, or opening dangerous attachments. Criminals posing as the organisation online was the next most common strategy.
Ciaran Martin, chief executive officer of the National Cyber Security Centre, said that while cyber attacks can cause serious commercial damage and reputational harm, most campaigns are not highly sophisticated.
He added: “Companies can significantly reduce their chances of falling victim by following simple cyber security steps to remove basic weaknesses.”
The National Cyber Security Centre has published tailored advice for small businesses on how to guard against cyber attacks, covering elements such as backing up data, setting strong passwords and how to avoid phishing attacks.
The government warning comes ahead of the introduction of General Data Protection Regulation (GDPR) next month.
Information commissioner Elizabeth Dunham said these new regulations should prompt firms to up their defences against cyber attacks, adding: “Increasing the public’s trust and confidence in the way people’s data is handled is our priority and good data protection practice will go some way to making the UK the safest place to be online.”
Earlier this month the Financial Conduct Authority (FCA) raised concerns over the way that lenders are struggling to prepare for the threat of cyber attacks. It noted that established firms may be having difficulty in adapting their systems to tackle new advances in technology used by hackers, adding: “The potential size of this harm is a concern as many retail lending firms hold a wide range of consumer data.”