UK Cybersecurity Report 2022
Key Insights from the analysis of the 200 most significant cyber attacks in the UK between 2006-2022.
The UK Cybersecurity Report 2022 analyses the UK cyber landscape with a particular focus on the most hazardous cyber attacks that businesses encountered since 2006.
Every organisation, regardless of size, is exposed to a cyber attack due to the critical amount of client information they hold. Malicious attackers continue exploiting such databases as people and organisations rely on internet-connected devices. Businesses need to be highly vigilant about the consequences of different threats, including ransomware attacks, data breaches and phishing email attacks spreading across the UK. According to the Department for Digital, Culture, Media & Sport, four out of ten firms (39%) had experienced cyber security breaches or attacks in 2021.
What’s inside the UK Cybersecurity report 2022
> Introduction
> Key findings of the UK Cybersecurity Report 2022
> Top cyber attacks in the UK
> Ransomware attacks in the UK
> Most affected sectors in the UK
> Size of UK companies affected
> Governmental vs. non-governmental organisations
> Profit vs. nonprofit
> B2B vs. B2C
> The most exposed type of UK data
> Distribution of cyber attacks in the UK by year
> Distribution of cyber attacks in the UK by month
> Inside vs. outside cyber attacks
> Passive vs. active cyber attacks
> Motives of different cyber attacks
> Additional results
> Methodology
> Conclusion
> Get a free cybersecurity training
Video: The TWC UK Cybersecurity Report 2022 in less than 3 minutes
Methodology of the UK Cybersecurity Report 2022
TWC IT Solutions investigated the 200 most significant cyber attacks in the UK using publicly available data provided by organisations. TWC also obtained information on over 500 prominent global cyber attacks in order to achieve a holistic approach.
The data processing was completed in two stages. The first step of the research generated 13 different graphs and metrics detailing the UK cyber landscape. The second phase focused on the collected data, allowing us to examine the specific characteristics of each industry and the type of cyber attack that took place.
The analysis took into account the followings:
> Governmental or non-governmental organisation
> Size of the company
> Type of industry
> Was it a B2B or a B2C organisation?
> Profit or not-for-profit
> Year of the cyber attack
> Month of the cyber attack
> Country of the cyber attack
> Type of cyber attack
> Was it an insider or an outsider attack?
> Type of motive
> Was it an active or a passive attack?
> Number of accounts affected
> Type of information stolen
> Duration of the cyber attack
> Has a data breach taken place or not?
Some of the key findings of the UK Cybersecurity Report 2022
Key Finding #1: Malware (49.14%), system vulnerabilities (22.41%) and phishing attacks (9.48%) are the most frequent cyber attacks

According to the UK Cybersecurity Report 2022, malware attacks are the most common type of attack targeting industries, followed by system vulnerabilities and phishing attacks. However, despite this data, TWC also concluded that not all organisations were able to provide further information about the scale or type of the attack, partially for legal reasons.
Additional Insight: Phishing attacks (11% of all cyber attacks) were the third most common type of cyber attack against B2C organisations.
Key Finding #2: The travel, education, transportation and financial sectors are the most severely impacted industries by malware in the UK

The UK cybersecurity report 2022 also discovered that seven out of the ten biggest malware attacks reported in the United Kingdom were ransomware attacks. After ransomware, supply chain attacks (12%) and email phishing attacks (5%) turned out to be the two most dominant malware types targeting businesses.
Additional Insight: The web (SaaS, Web & Mobile Applications, Online businesses), healthcare and gaming industries are the UK’s most vulnerable industries to phishing attacks.
Key Finding #3: The retail, finance and healthcare industries are most affected sectors according to the UK cybersecurity report 2022

During the data analysis, TWC also found that 76.9% of ransomware attacks targeted B2C businesses and the industries impacted by cyber attacks the most were the services and the retail sector. The paper also considered different types of ransomware cases and learned that trojan assaults, system vulnerabilities and DDoS attacks made up 10% of all malware cases.
Additional Insight: The service, retail and healthcare sectors are the Top 3 most heavily affected industries by the cyber attacks that targeted medium-sized businesses in the United Kingdom
Key Finding #4: Over the past 16 years, the greatest malware attacks affected an average of 25,190,714 users in the UK

The UK cybersecurity report 2022 revealed that full names (10.51%) and physical addresses (10.17%) were exposed in this study’s 200 major UK cases. Email addresses are the third most commonly exposed type of data (9.49%). Cybercriminals who steal sensitive information frequently sell them on the dark web. For instance, 500,000 stolen credentials were offered for sale on dark web criminal forums in the 2020 Zoom data breach case.
Additional Insight: In 2.37% of the UK cases examined, health records, an extremely sensitive personal data, have been compromised. Despite being a relatively small percentage, healthcare data is quite valuable. As opposed to a single piece of information that could be obtained in a financial breach, healthcare data frequently includes all of the person’s identifying information, making it lucrative on the black market. As such, the most valuable information on the black market is medical data.
Key Finding #5: 41% of the UK’s biggest cyber attacks of all times were recorded during 2022

Additional Insight: The WannaCry ransomware attack in 2017 was one of the worst cyber attacks in history. It is estimated that more than 300,000 computers were affected during this attack across 150 countries, with total damages ranging from hundreds of millions to billions of dollars.
Key Finding #6: Historically, the first quarter has been the most dangerous period of a fiscal year in terms of hacking activity

Within a year, March, July and May became the prime months for cyber attacks. The data of the UK cybersecurity report 2022 also highlights that retailers are strongly encouraged to be on the lookout for cyber attacks between March and July as it is a peak period for cybercriminals to target organisations.
Additional Insight: 6.7% of the investigated cases lasted longer than a month.
Key Finding #7: 42% of the cyber attacks affected UK companies with up to 250 employees.

Additional Insight: In 64.3% of the cases, an outside source was responsible for the attack against B2B organisations.
For more key findings, download the full UK Cybersecurity Report 2022
Build your cybersecurity strategy with the help of an expert
The rapid growth of the Internet has resulted in a significant increase in cyber attacks, many of which have severe and disastrous consequences. Malware is the most commonly used attack employed to carry out malicious intent in the cyberspace by exploiting existing vulnerabilities or unique characteristics of emerging technologies. It is now more important than ever to secure businesses by clarifying the dangers of cyber attacks and the methods we have to avoid them. Every size of business, regardless of its industry, is vulnerable to cyber attacks and the only way to reduce cybersecurity risks is to raise awareness among employees.
TWC IT Solutions has been included among the top Cybersecurity Consulting companies in the UK for 2022 by Clutch, Goodfirms and Tech Reviewer.
Reach out to us at 08000 248 900.

Boglárka Chamer
Social Media Executive, TWC IT Solutions
IT Awards and Distinctions.
Three distinctions in two years.
