Half of UK organisations unable to access data after cyber incident

Almost half of UK organisations (48 percent) have suffered a cyberattack or incident that prevented access to data last year, according to the 2023 Dell Technologies Global Data Protection Index (GDPI) survey.

Firms report that IT disruption is commonplace, with the vast majority (87 percent) saying their organisations experienced some form of IT disruption in 2023. In the UK, hardware failure (51 percent) was the most cited cause of data loss and/or systems downtime within organisations.

More than half (52 percent) of those who experienced a cyberattack event said attackers’ first point of entry was external – users clicking on spam or phishing emails and malicious links, compromised user credentials and hacked mobile devices. 

Looking to the implications, respondents said that disruptions that include data loss cost on average $2.61 million in 2023, accounted for an average of 26 hours of unplanned downtime and resulted in an average of 2.45TB worth of data loss.

Costs associated with cyberattacks and related incidents have also doubled, up from $0.66 million in 2022 to $1.41 million in 2023.

Generative AI and cybersecurity

Generative AI (gen AI) is emerging as a strategic tool for bolstering defences, with 40 percent of those surveyed saying that integrating gen AI will provide an advantage to their organisation’s cybersecurity posture

However, showing the dual nature of gen AI as both a defensive asset and source of complexity, 87 percent also agreed that the adoption of gen AI will generate large volumes of new data that will need to be protected and secure.

This could be why UK respondents highlighted ability to protect multi-workload environments (61 percent) and ensuring cybersecurity across all multicloud environments (63 percent) as the capabilities most important to their organisation when enabling hybrid, multicloud operations.

Similarly, UK respondents cited data security (49 percent), cost (45 percent) and complexity (44 percent) as the key issues faced by organisations maintaining data in public, multicloud environments.

“The doubling of costs associated with cyberattacks in the last year is shocking. It’s also concerning that over half of those who experienced a cyberattack event said the attacker’s first point of entry was external, such as users clicking on phishing emails and malicious links. Cybercrime continues to evolve in sophistication, and as the capabilities of gen AI expand, threat actors will uncover vulnerabilities faster and become increasingly convincing in their deception. gen AI is one way to leverage innovations to shore up defences, but it also creates new volumes of data that naturally become harder to protect and more easily targeted,” said  Steve Young, SVP and MD at Dell Technologies UK.

Over-confidence around consequences of a breach

Looking to ransomware attacks, responses suggest an over-confidence surrounding the consequences of a breach. Globally 74 percent believe that if their organisations experience an attack, they would get all of their data back if they paid the ransom. In contrast, UK respondents are less hopeful, with just over half (54 percent) believing they would get all of their data back. Furthermore, globally, 66 percent (UK 51 percent) believe that once they pay the ransom, they won’t be attacked again. 

Most UK organisations (81 percent) stated they have ransomware insurance policies but 40 percent of those who experienced an attack said their organisations were fully reimbursed through the policy. Survey responses also suggest ransomware policies are heavily caveated. Forty-seven percent said their organisation had to prove ‘best practice’ cyber threat prevention, 41 percent said their policy limited claim pay-outs and 44 percent said particular scenarios voided their policy.