UK firms lose more than £1bn to cybercrime over past year

Staff training cited as a critical solution, as figures reveal spikes in all major types of business fraud

As corporate treasurers become increasingly aware of their responsibilities in the fight against fraud , new research has shown that UK companies lost more than £1bn to cyberattacks and other electronic scams over the past year.

Published on 13 June by national cybercrime reporting centre Action Fraud and non-profit advisory group Get Safe Online, the findings show that some, key types of fraud are on the rise.

Mandate fraud – when a fraudster convinces a victim to alter a direct debit or standing order by pretending to be a regular recipient of that victim’s payments – has grown by 66% on the previous year, with more than 2,323 cases reported: up from 1,403 in 2014.

CEO fraud – when an employee is duped into making a payment by an email falsely presented as a senior manager’s instruction – is described in the research as ‘spiralling’, while a dramatic surge has also occurred in digital extortion: the practice of using so-called ‘ransomware’ to disable or block important files on a firm’s computer network until a release fee is paid.

Another rising problem is corporate employee fraud, whereby current or ex-staffers with privileged knowledge of financial access details obtain property or compensation through means such as the misuse of corporate cards or expense accounts. Some 1,440 cases of that type were recorded from the middle of last year to the present.

Spikes also occurred for retail-based and insurance-related fraud.

On average, corporate financial losses to cybercrime in the past 12 months reached £19,626,323 per regional police force.

Get Safe Online CEO Tony Neate said: “These latest figures show the enormous – and quite frankly daunting – impact that online crime can have on a business, its reputation, its employees and even its continued operation.

“To tackle this issue head on, businesses need to review their own skills and knowledge, determine if they need outside help, and then create measures to prevent, detect and respond to potential security threats.”

Neate added: “It’s all about education – and staff must be aware of this plan and trained where necessary. With new data regulations in place, we’ll see more and more businesses start to report online crime and realise that the right staff training can go a long way to helping prevent this growing problem.”

City of London Police commander Chris Greany – who doubles as the UK’s police national coordinator for economic crime – said: “Businesses are a major target for fraudsters, and these figures illustrate the significant rise in Action Fraud reports.

“The true figure will be much higher, and businesses need to take steps as many of these crimes could be prevented.”

Find government advice on cybersecurity training for businesses here.

Visit the business section of Get Safe Online’s website.

Scroll to top