Part Two – The Digital Revolution (Part Two)

Economic Unit

Additional data such as names, addresses, and contact details were also accessed, and one individual in the UK was arrested on suspicion of offenses under the Computer Misuse Act.

Furthermore, the Ministry of Defence was also targeted in a cyberattack, where a malicious actor gained access to parts of the armed forces’ payroll network, affecting military personnel. This system contained personal data, including names, banking information, and home addresses.
In a statement to the House of Commons, then-Defence Secretary Grant Shapps said:

“There are indications that this may have been carried out by a malicious actor, and the involvement of state entities cannot be ruled out. This incident is yet another sign of the growing and evolving nature of cyber threats facing the United Kingdom.”

These high-profile attacks on critical UK institutions and services illustrate the breadth of cyber threats, their impact on everyday life, and the reality that such threats may originate from both domestic and foreign actors. They underscore the severity and importance of cyber threats to the UK’s national security and economy.

Businesses: The 2024 Cyber Security Breaches Survey

According to the UK government’s 2024 Cyber Security Breaches Survey, cyber incidents remain a widespread threat — with 50% of businesses and 32% of charities reporting at least one security breach or cyberattack in the past 12 months.
The most common type of attack was phishing, followed by impersonation of organizations, and viruses or other malware.

The financial impact of such breaches can be substantial. On average, the most disruptive breach over the past year cost businesses around £1,205, while for medium and large enterprises, the average cost rose to £10,830. Given the rising cost pressures many firms already face, the economic impact of cyberattacks must be taken seriously across all sectors and business sizes.

The survey also highlighted specific challenges for smaller businesses, which often lack the expertise or internal capacity to develop effective incident response plans. Other barriers include limited knowledge, budget constraints, and small team capacity.
By contrast, some medium and large firms reported conducting simulation exercises and preparedness training.

When it comes to reporting cyber incidents, many businesses did not report their most serious breaches, primarily because they did not consider them significant enough, or due to a lack of knowledge on where to report, time constraints, or doubts about the usefulness of reporting.

Following their most serious breach, 23% of businesses provided additional staff training or communication, 9% updated firewall or system settings, and 8% installed or updated anti-virus or anti-malware software.
However, 39% of businesses reported taking no action after experiencing their most damaging breach.