The Cyber Security Breaches Survey 2017 revealed nearly seven in ten large businesses (66%) and 45% of micro and small businesses identified a breach or attack, with larger companies experiencing an average of eight breaches and shouldering an average total cost of £19,600 during the period.
It comes after a global cyber attack hit the NHS and businesses including Nissan, Renault and O2 owner Telefonica over the weekend.
While directors or senior management at 74% of participating businesses in the survey said cyber security was a high priority, a large proportion are not taking appropriate precautions.
Only a third had formal policies in place covering cyber security risks, 37% had rules around personal data encryption, and just one in five had had staff receive or attend cyber security training.
Micro and small businesses were less likely to have cyber security governance or risk assessment measures in place, with 39% of those surveyed who had no such measures believing they were too small or insignificant to be targeted.
The Cyber Security Breaches Survey was commissioned by the Department for Culture, Media and Sport as part of the government’s national cyber security programme and was carried out by Ipsos MORI and the Institute of Criminal Justice Studies at the University of Portsmouth. It surveyed more than 1,500 businesses between October 2016 and January 2017.