Cyber-criminals have attacked 90 per cent of major British companies – costing the economy tens of billions of pounds, it emerged yesterday.
Figures reveal that the threat from hackers trying to steal confidential data is rising steeply. Experts warned the typical cost to big firms of the most severe information security breaches had nearly tripled in a year from 1.1million to 3.1million.
The country now faces ‘chronic, advanced and persistent’ threats every day, a top official at the GCHQ spy agency warned. Ciaran Martin, director general for cyber-security at the listening post, told a conference that the attacks ‘show little sign of abating’ and include threats from hostile states, terror groups and malicious hackers known as hacktavists. He spoke out a week after the Queen’s Speech included proposals to hand more powers to the security services to repair the damage caused by US traitor Edward Snowden’s leaks.
And he defended the use of controversial tactics to access the phone calls, texts and emails of millions of citizens, saying spies did not carry out ‘random mass intrusion’ on law-abiding people. Shocking details of the scale and cost of cyber-attacks to British firms were compiled in an annual report commissioned by the Government. The findings, published yesterday, reveal how nine out of ten large companies had suffered breaches – up from 81 per cent last year. For small firms, almost 74 per cent were attacked, up from 60 per cent. The typical cost of serious cyber-attacks to smaller businesses has soared from £115,000 to £311,000. The figure includes the cost of disruption, lost sales, recovery of lost information, fines and compensation.
Incidents included loss of confidential data, infection by viruses or malicious software, theft or fraud and other breaches caused by staff – such opening a suspect internet link. Almost one in ten companies took more than 100 days before they realised they had been targeted. The number of attacks directed through company mobile phones or tablets doubled from 7 per cent to 15 per cent.
British Airways was hacked in March, leaving tens of thousands of customers locked out of their frequent-flyer accounts. A Cabinet Office report three years ago found the cost of cyber-crime to the UK was £27billion. In a keynote speech, Mr Martin said GCHQ did not carry out mass surveillance of the public in Britain.
He acknowledged there had been ‘controversy’ following the revelations about the intelligence agencies’ use of personal data following the leaks by former CIA contractor Snowden. But he said ‘everyone’ at the UK eavesdropping agency used its powers ‘extremely carefully’.