Large businesses in the Midlands are increasingly exposed to cyberattacks, with fresh data showing a clear link between company size and breach frequency – but experts are warning that smaller firms may be dangerously underestimating the threat.
According to the latest Azets Barometer, just 41% of large UK businesses avoided cybersecurity incidents in the past year, compared to 65% of smaller firms. Meanwhile, 13% of companies with revenues over £10 million reported multiple breaches.
The biannual survey, conducted by international business advisory group Azets, reveals a growing concentration of cyber risk in specific sectors. In finance, fewer than four in ten firms avoided breaches in the past 12 months. In retail and hospitality – a sector rocked by high-profile incidents – 43% stayed incident-free, with more than a third suffering at least one attack.
By contrast, lower-risk sectors like construction (80%) and healthcare (76%) reported significantly fewer breaches.
The findings come just weeks after Marks & Spencer disclosed a cyberattack expected to wipe £300 million from this year’s profits, with systems remaining disrupted for over a month. The Co-op, Harrods, and Adidas have also suffered recent attacks, highlighting the real-world impact of digital exposure.
Across all UK businesses, 58% reported no cybersecurity incidents, above the European average of 50%. About 26% suffered one breach, and 9% had multiple, compared to 11% EU-wide.
By revenue, the data shows a clear trend that as businesses grow and data volumes increase, so too does the frequency and impact of cyber incidents.
Paul Kelly, head of cyber and data privacy services at Azets, said: “The findings revealed in the latest Azets Barometer show a worrying trend for ongoing cyber-attacks on the UK’s larger, data-heavy organisations. This underscores the need for continued focus on cyber resilience, especially in higher risk sectors.
“Even though the majority of smaller organisations report no incidents, it’s a matter of when cybersecurity incidents occur, not if. Smaller organisations must continue to be vigilant and invest in cyber resilience measures to reduce the risk of incidents occurring.”
