DDoS cyber atacks could cost UK economy £1bn every year - report

16 April 2019

Almost half the companies surveyed said they had experienced an outage of 30 minutes or more

Almost half the companies surveyed said they had experienced an outage of 30 minutes or more

Distributed denial-of-service (DDoS) cyber attacks are having a bigger impact on UK businesses than ever before and could cost the UK economy more than £1 billion every year, according to a new study.

The 14th annual Worldwide Infrastructure Security Report (WISR), published by US-headquartered security and assurance solutions specialist Netscout, revealed that in 2018, 91 per cent of the UK businesses surveyed said they had experienced a DDoS attack, which infects a network and blocks users from accessing it for often long periods of time. The report said each attack lasted around 67 minutes in duration, with every successful one costing businesses north of £140,000 - an average cost of £2,140 per minute.

The report also said there had been a threefold year-on-year increase in the number of DDoS attacks against SaaS services, which rose from 13 per cent to 41 per cent. Attacks against third-party data centres and cloud services were up by 23 per cent.

Almost half the companies that took part in the survey said they experienced an outage of 30 minutes or more, while nine per cent were impacted for more than four hours – half the normal working day.

Furthermore, around 86 per cent of major UK enterprises said they were attacked at least once in 2018. The figures equate to costs of roughly £900m for large UK companies – the 8,000 with more than 250 employees - but the report said that many small and medium sized businesses are now also affected by cyber attacks, meaning that the total cost may now exceed £1 billion with no sign of that figure coming down.

The report also found that while network outages are the most obvious problem, the downtime that followed, as the result of these attacks, caused the affected businesses an array of problems.

Revenue loss was reported by over a third of respondents (36.2 per cent), alongside other factors such as increased operational expenses (38.6 per cent), reputational impact (36.2 per cent), higher insurance premiums (31.9 per cent) and loss of customers (30.7 per cent), highlighting the longer-term damage successful attacks can bring.

Netscout chief technology officer Darren Anstee said large-scale attacks are getting cheaper to carry out, but the consequences are getting more expensive for enterprises.

“The tools to initiate DDoS attacks are cheap, freely available and easily deployed - as a result, there are over 10,000 DDoS attacks every day around the world,” said Anstee “The size and complexity of attacks continue to grow and businesses must make sure their key resources are adequately protected, including in the cloud, SaaS etc. If something is important to you, it’s important to hackers.”

Anstee added that a cyber security skills shortage at many UK businesses did not help matters, with a number of firms having to outsource more of their security management to third-party vendors to tackle the problem.

Jonathan Anthony, investor and founder, at security vendor reactions.ai agreed and said: “In fighting DDOS, the battle is between false positives, unmatched software and hours in the day.”

The report also found that while network outages are the most obvious problem, the downtime that followed, as the result of these attacks, caused the affected businesses an array of problems.