Carbon Black Report: 92% of surveyed UK businesses have been breached during the last 12 months and 91% say cyberattacks are now more sophisticated

92% of UK companies surveyed have been breached in the last 12 months and almost half (44%) have been breached between three and five times, according to a new cybercrime report from endpoint security firm, Carbon Black.

According to the report, cyberattack frequency has risen, with 82% of UK businesses surveyed reporting an increase in attempted attacks against their organisations during the past year. Perhaps more startling is that 91% of surveyed UK businesses said attacks are becoming more sophisticated, leveraging techniques such as: lateral movement, counter incident response, and island hopping.

The report notes that spear phishing, ransomware, weak security processes, outdated software, commodity malware, crypto jacking, and supply chain attacks are all contributing to data breaches in the UK.

The report also highlights a major delta in cybersecurity versus cybercrime investment. Cybercriminals are currently spending approximately $1 trillion on developing cyberattack weapons, annually. Conversely, defenders are spending about $96 billion, meaning attackers are outspending defenders by a ratio of more than 10 to 1.Only 1 in 20 UK businesses in the survey reported being aware of this major gap and almost two thirds of surveyed UK businesses are only planning modest increases in cybersecurity budgets in the coming year.

The news is not all bleak, though. Two thirds of UK organisations in the survey said they have pro-actively conducted threat hunting in the past year to strengthen their defences. Within companies that actively threat hunt, more than 90% said threat hunting had toughened their defences.

“The stats clearly show that defenders are not keeping up with attackers’ spending,” said Tom Kellermann, Chief Cybersecurity Officer, Carbon Black. “The fact that 92% of UK companies have experienced a breach in the last year and nearly half have been breached multiple times is sobering. It’s critical to educate UK businesses on the threats they face and how these threats can be mitigated.”


The inaugural Data Protection World Forum (DPWF) will be held on November 20th & 21st 2018 at the ExCeL London which will provide a broader focus across the data protection and privacy space amidst the progressive tightening of global data protection laws.

Ahead of the end of year event, DPWF has launched a series of intensive workshops.

Further information on the DPWF and workshop details are available at: https://www.dataprotectionworldforum.com/