Cyber attacks cost British industry £34bn a year by By Alan Tovey, Industry Editor

12/06/2015 11:24

As well as the multi-billion-pound price tag, the threat from hackers is holding business innovation back, a new report finds

Defending Britain against cyber attacks and repairing the damage done by hackers who penetrate security systems costs businesses £34bn a year.

The huge price tag of dealing with the growing threat of online crime was revealed by research from think-tank CEBR and computer security group Veracode.

Just over half – some £18bn – of the total comes from lost revenues as the result of successful attacks, with the remaining £16bn representing companies’ increased spending on IT as they beef up their defences.

However, the threat of online attacks is also limiting companies’ ability to grow, with seven out of 10 chief technology officers saying that cybersecurity policies “stifle” innovation at their businesses.


Did North Korean hack Sony's systems in response to a film about Kim Kim Jong-un?

Adrian Beck, director of enterprise security at Veracode, said: “Both businesses and government need to balance regulation and compliance with the need to innovate. There’s immense pressure to innovate but this hyper-connected and globalised world means there is increased risk. Companies have to look at how they can tap into that safely.”

One way companies are doing this is “shadow IT” – a safe area which is insulated from a company’s everyday systems – where advanced technology can be tested and experimented.

“This ‘virtual sandbox’ is not a silver bullet,” said Mr Beck. “When you are tapping into new apps and systems such as the internet of things you have to be careful your network isn’t bleeding out of the back end.”

The threat of cyber attack means that some companies are reluctant to utilise advanced new technology, holding back their development.

“You can measure it in terms of what your competitors are doing – if they are willing to take risks with security to gain market share, you have to look at whether that risk is worth taking,” said Mr Beck.

The threat posed by hackers is a constant one for companies, he added: “It’s a real fear and the mantra is that it’s not a question of if, but when, you will be attacked.”

• Who are the most notorious hacking groups?

One of the best way to reduce risk is to understand the threat, according to the computer expert.

“It’s about risk management – do you understand the business and the assets you have, what an adversary would want from you: is it teenagers looking to deface your website or a geo-political hacking looking to steal your intellectual property?”



The research also looked at which UK industries feel they are most at risk from hackers by measuring their increased spending on IT defences and the percentage of revenue lost as a result of a cybersecurity breach.

Utilities, energy and mining upped spending on IT by 6pc in the past year, and faced a 2.8pc loss in revenue as a result of an attack. This was followed by financial services at 7pc and 1.5pc respectively, then manufacturing at 5pc and 2,5pc. The total cost for these three sectors were almost double the next highest placed sector – real estate – at 3pc and 0.8pc.

Mr Beck said the increases reflected the changing nature of cyber crime. “There’s a possibility that these sectors may have underinvested in security in the past but it also shows that hackers are not just looking to steal money – terrorists could bring down energy networks of take control of a nuclear power station through IT,” he said.

• Stuxnet virus attack on Iranian nuclear programme: the first strike by computer?

Manufacturing’s increased spending could be related to the high-end products the sector makes.

“UK manufacturing has moved from mass-scale to high quality – the Rolls-Royces of this country don’t want to lose all that investment to a hacker,” Mr Beck said.

Read more: