Two-thirds of large UK businesses witnessed cyber attacks last year, with the cost of cyber breaches and attacks reaching millions in some cases, according to a study released by the government.

The research report found that nearly seven out of ten attacks on all firms involved viruses, spyware or malware.

Urging businesses to protect themselves from cyber criminals, the government said that a record £1.9bn investment will be made over the next five years to protect the country from cyber attacks.

Firms could have avoided the attacks by using the Government’s Cyber Essentials scheme, as the most common attacks were detected to contain viruses, spyware or malware, the report said.

UK Minister for the Digital Economy Ed Vaizey said: “The UK is a world-leading digital economy and this Government has made cyber security a top priority. Too many firms are losing money, data and consumer confidence with the vast number of cyber attacks.

“It’s absolutely crucial businesses are secure and can protect data. As a minimum companies should take action by adopting the Cyber Essentials scheme which will help them protect themselves.”

The Cyber Security Breaches Survey found that while one in four large firms experiencing a breach did so at least
once a month, only half of all firms have taken any recommended actions to identify and address vulnerabilities. Even fewer, about a third of all firms, had formal written cyber security policies and only 10% had an incident management plan in place.

Separately, the Government’s Cyber Governance Health Check showed that nearly half of the top FTSE 350 businesses regarded cyber attacks as the biggest threat to their business, with this number going up by 29% when compared to 2014.

The Cyber Governance Health Check was launched by the government following a cyber attack on TalkTalk last year. During the attack, hackers stole names, email addresses and phone numbers of more than 157,000 customers of TalkTalk.

Over 100,000 of its subscribers have stopped using TalkTalk’s services following the cyberattack last year. The attack is estimated to cost £60m for the company.

The cyber health check has found that only a third of the UK’s top 350 businesses understand the threat of a cyber attack, while only a fifth of businesses have knowledge of the dangers of sharing information with third parties.

“The Government is encouraging all firms to take action: the 10 Steps to Cyber Security provides advice to large businesses, and the Cyber Essentials scheme is available to all UK firms. The Government is also creating a new National Cyber Security Centre offering industry a ‘one-stop-shop’ for cyber security support,” the report said.

The government said that the new National Cyber Security Centre will be launched in the autumn 2016.

A newly created cyber security centre in the UK will initially work with the Bank of England to set standards for the financial sector to prevent cyberattacks.

The idea to create such centre was announced by Chancellor George Osborne in November last year.

Are you under attack? Do you know the warning signs of data breach? Don’t be the latest victim of a cyber attack and read CBR’s exclusive cybersecurity features.

Cyber security basics: How to protect your business from common cyber attacks

The critical first hours of a data breach: What to do when your business has been hacked

5 cloud cyber security tools that will protect your business

How vulnerable is critical infrastructure to cyber attacks