st05_CostOfAttacks.md

We have looked at the types of cyber threat that an organisation and
individual would face.  In this section we examine the scale of the

threats, financial cost and the impact it could have on an
organisation.  Estimates of the cost for cyber attack to businesses
vary, with ENSIA identifying costs that varies from $474,000 to
$22,000,000 per company per year.

The NCSC (National Cyber Security Centre), and the UK government take an
annual survey of cyber security incidents, which gives some insight
into how UK organisations are affected.

## Headline Figures

According to the NCSC, over 2/5 of businesses suffered some form of
cyber attack in 2017, with most organisations experiencing
approximately 6 attacks in a year.  However, some organisations
experienced tens of thousands of cyber attacks during the same period.

It is interesting to note that organisations are more
likely to face intentional breaches, with only 25% reporting that
their most disruptive security incident was accidental.

The most common cause of these cyber attacks were Phishing and Social
engineering, with 75% of the organisations surveyed reporting this form
of attack.  Interestingly around 30% of organisations also reported
being impersonated by attackers, either in emails or through a website.

There was a fall in the number of Virus, spyware or malware
infections, with only 25% of organisations reporting this, however
Ransomware attacks were reported separately with around 15% of all
organisations reporting a ransomware attempt as made.


## Cost
The average cost to businesses was £3,100 for each cyber attack
experienced.  This may seem low compared to the headline figures from
ENSIA, but the figures are based on individual breaches, compared to
the yearly figures quoted in their study.


# Links

NCSC Report

https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2018

ENISA Report

https://www.enisa.europa.eu/publications/the-cost-of-incidents-affecting-ciis/
	We have looked at the types of cyber threat that an organisation and
	individual would face. In this section we examine the scale of the

	threats, financial cost and the impact it could have on an
	organisation. Estimates of the cost for cyber attack to businesses
	vary, with ENSIA identifying costs that varies from $474,000 to
	$22,000,000 per company per year.

	The NCSC (National Cyber Security Centre), and the UK government take an
	annual survey of cyber security incidents, which gives some insight
	into how UK organisations are affected.

	## Headline Figures

	According to the NCSC, over 2/5 of businesses suffered some form of
	cyber attack in 2017, with most organisations experiencing
	approximately 6 attacks in a year. However, some organisations
	experienced tens of thousands of cyber attacks during the same period.

	It is interesting to note that organisations are more
	likely to face intentional breaches, with only 25% reporting that
	their most disruptive security incident was accidental.

	The most common cause of these cyber attacks were Phishing and Social
	engineering, with 75% of the organisations surveyed reporting this form
	of attack. Interestingly around 30% of organisations also reported
	being impersonated by attackers, either in emails or through a website.

	There was a fall in the number of Virus, spyware or malware
	infections, with only 25% of organisations reporting this, however
	Ransomware attacks were reported separately with around 15% of all
	organisations reporting a ransomware attempt as made.


	## Cost
	The average cost to businesses was £3,100 for each cyber attack
	experienced. This may seem low compared to the headline figures from
	ENSIA, but the figures are based on individual breaches, compared to
	the yearly figures quoted in their study.



	# Links

	NCSC Report

	https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2018

	ENISA Report

	https://www.enisa.europa.eu/publications/the-cost-of-incidents-affecting-ciis/