New data revealing 50 per cent of firms hit by cyber attacks are just “the tip of the iceberg” – expert warns

17th April 2024

New figures showing a surge in cyber-attacks on businesses are just the “tip of the iceberg”, a leading expert has revealed.

Government data shows 50% of companies have experienced a breach or attack in the past year.

But Roy Shelton, CEO of the Connectus Group, said that the true scale of the problem may be much higher, due to the unwillingness of businesses to disclose such incidents.

He said: “Attacks are rising and getting more and more sophisticated. Those reported are just the tip of the iceberg. A lot more happen and exist under the radar and are never reported. All businesses need to be vigilant to the growing risk.”

He was commenting in the wake of the 2024 Cyber Security Breaches Survey, which found that 74% of large businesses had been attacked, 70% of medium-sized businesses had been targeted, along with 66% of charities with an annual income of £500,000 or more.

The most common type of breach or attack is phishing (84% of businesses and 83% of charities), followed by others impersonating organisations in emails or online (35% of businesses and 37% of charities), and then viruses or other malware (17% of businesses and 14% of charities).

In all, it is estimated that UK businesses have experienced around 7.78 million cyber crimes of all types and approximately 116,000 non-phishing cyber crimes in the last 12 months. For UK charities, the estimate is some 924,000 cyber crimes in the past year.

Mr Shelton added: “This report is a good and welcome update which highlights the growing need to be ever vigilant.

“These figures are based on only reported breaches: I would suspect many are never reported due to fear of brand and reputational damage.

“The common breaches remain as phishing, malware, and impersonation. All of this can be avoided with training of staff and/or deploying low cost, high value counter measures.”

The figures show that, in terms of counter-measures, 51% of businesses have tried multiple approaches to minimise the risks of cyber attacks, while 40% of charities have done so.

The report also found that, among businesses, 33% have deployed security monitoring tools and 31% have carried out risk assessments.

Just 18% have tested staff with exercises, such as mock phishing attacks, 17% have carried out vulnerability audits, 11% have tried penetration testing, and 10% have invested in threat intelligence.

The growing cyber threat has prompted the Connectus Group to develop a new tool which helps provide businesses with advanced 24/7 protection from cyber attacks.

The Connectus Managed Extended Detection and Response (MXDR) service is powered by the acclaimed Heimdal XDR Unified Security Platform, which is specifically designed to help modern enterprises to stay safeguarded by integrating detect-and-respond services with the industry’s broadest coverage for total protection against cyber threats.

The Heimdal MXDR is unmatched: a proactive team of experts and an accredited Security Operations Centre (SOC) work in real time and closely with IT and Security counterparts to create an integrated approach to threat-hunting and response.

For legal and property firms, the risks associated with a data breach are greater than most due to the additional risk of financial information being captured and further exploited by criminal gangs via banking fraud, for example.

Mr Shelton concluded: “I’d advise looking for a more holistic managed service from professionals to ensure they have the right solution set and skill set working proactively on their behalf.

“Only a small number of companies actually understand how to respond to a cyber breach so, again, working with a trusted partner to deliver a managed, detect and resolve service would make more sense.”