Almost half of all UK businesses have suffered a cyber breach or attack in the last year, and this number rises to two-thirds among medium companies and large firms.
That is according to The Cyber Security Breaches Survey 2017, a report commissioned by the Department for Culture, Media and Sport (DCMS) as part of the government's National Cyber Security Programme.
The survey was run to help businesses understand what other similar organisations are doing to stay cyber secure and would help to support the government when it shapes future policy.
DCMS found that across those businesses that had detected breaches, over a third (37 per cent), reported only being breached once in the year, but the same proportion said they were breached at least once a month, and 13 per cent said it was daily.
In the last year, the average business identified 998 breaches, a figure that the government said was "pushed up" because of the minority of businesses that experience hundreds or thousands of attacks in this timeframe.
Among the 46 per cent of businesses that detected breaches in the last 12 months, the average business faced costs of £1,570 as a result of these breaches. This figure was a lot higher for the average large firm - at £19,600, while medium companies had an average cost of £3,070 and small firms had a similar cost to the overall average (£1,380).
DCMS said that despite the large number of breaches, external reporting about them remains uncommon. Only a quarter (26 per cent) reported their most disruptive breach externally to anyone other than a cyber security provider.
"The findings suggest that some businesses lack awareness of who to report to, why to report breaches, and what reporting achieves," the report reads.
Three out of five (58 per cent) of businesses have sought information, advice or guidance on cyber security threats facing their organisations over the past year.
External security or IT consultants (32 per cent) is the top specific source mentioned, followed by online searches (10 per cent). Only four per cent mention government or other public sector sources.
DCMS suggested that this reflected that awareness of the information and guidance offered by government remained relatively low. However, it said that of the small minority who did look at government advice, three quarters said they found the information useful.
DCMS released a Cyber Breaches Survey in 2016 too, and some of the findings this year were very similar. For example, the majority of businesses (67 per cent) had spent money on their cyber security, and this tended to be higher among medium-sized companies (87 per cent) and large firms (91 per cent).
John Madelin, CEO of IT security company Reliance acsn suggested that the most interesting finding was the lack of companies reporting data breaches externally.
"Under GDPR, businesses will have to notify authorities of a data breach within 72 hours and without undue delay," he said.
"With almost half of UK businesses suffering a cyberattack in the past 12 months, and larger firms suffering them on a monthly or daily basis, it's clear that businesses still are struggling with getting basic security right," he added.
Q3 losses reverse Q2 gains
FBI briefing US companies to dump Kaspersky, claiming intelligence prove it a 'threat to national security'
Kaspersky rejects FBI accusations that its products are a 'threat to national security'
But breached contractor says that it simply didn't have that much data
EE follows Three in threatening legal action against Ofcom - but for entirely different reasons