An analysis conducted by Payset found that three out of ten UK businesses (27%) didn’t use a password policy in the past eight years. During the same time period, 41% of UK businesses experienced a cybersecurity breach or attack.
“It’s really concerning that 3 in 10 businesses don’t take password security seriously. This lack of attention isn’t just a small oversight; it actually leaves these companies wide open to cyber-attacks. When you consider the serious consequences of a data breach, having strong password policies and robust cybersecurity measures isn’t just good practice—it’s essential for survival. Moreover, in today’s digital age, it’s not a matter of if a company will be targeted by hackers, but when”, says Fabio Rahamim, Payset’s security specialist.
Dealing with one disruptive cyberattack could cost a business as much as £10,830 today if no data is lost, and as much as £40,400 if assets or data are lost.
Fabio Rahamim continued: “Unfortunately, many companies only realize the importance of cybersecurity after their reputation has been hit and they’ve suffered significant financial losses. This reactive approach can be devastating. It’s vital for businesses to wake up to these risks now and bolster their defenses before it’s too late.”
The top 3 most common types of cyberattacks that affected businesses in the last 8 years are phishing attacks; impersonation of organisations online or in emails; and viruses, spyware, or malware attacks.
Since 2017, 80% of UK businesses have been affected by phishing attacks, which usually involve staff receiving fraudulent emails or invitations to fill out forms with the purpose of stealing their passwords or personal data. Impersonation of organisations in emails or online is the second most common cyber problem and has impacted 29% of businesses in the last eight years, while the installation of viruses, spyware or malware on company devices affected 18% of businesses.
Cybersecurity specialists at Payset put together a list of simple but efficient tips that every business should follow to keep passwords secure and prevent cyberattacks:
- Create strong passwords that are at least 12 characters long and include a mix of uppercase and lowercase letters, numbers, and special characters.
- Enable two-factor authentication, which requires both a password and a second form of verification (e.g. security token) to access company systems.
- Use distinct passwords for each service to avoid a single point of failure.
- Conduct phishing simulations and training sessions to keep employees informed about the importance of password security and updates on emerging threats.
- Restrict access to company systems based on geographic location, allowing logins only from approved locations.
- Ask employees to use approved secure sharing tools for accessing shared systems or information.
- Regularly check email addresses and passwords against the Have I Been Pwned database (https://haveibeenpwned.com/) to see if they have been compromised.
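The first and last tips can be combined into one check, shown here as an added example that is not Payset's own code. It assumes the k-anonymity range format of Have I Been Pwned's Pwned Passwords service (a five-character SHA-1 prefix is sent, and the reply lists `SUFFIX:COUNT` lines); the function names and the sample response are constructed for illustration, and no network request is made.

```python
import hashlib
import string

MIN_LENGTH = 12  # minimum length from the first tip in the list

def policy_failures(password):
    """Return the composition rules the password fails (empty list = compliant)."""
    checks = {
        "at least 12 characters": len(password) >= MIN_LENGTH,
        "an uppercase letter": any(c.isupper() for c in password),
        "a lowercase letter": any(c.islower() for c in password),
        "a number": any(c.isdigit() for c in password),
        "a special character": any(c in string.punctuation for c in password),
    }
    return [rule for rule, ok in checks.items() if not ok]

def sha1_split(password):
    """Split the SHA-1 digest: only the 5-char prefix leaves the machine."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]

def breach_count(password, range_response):
    """Match the locally kept 35-char suffix against 'SUFFIX:COUNT' lines."""
    _, suffix = sha1_split(password)
    for line in range_response.splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix:
            return int(count)
    return 0  # suffix not listed: no known exposure for this password

if __name__ == "__main__":
    # Constructed sample response (not real service data): one filler
    # line plus the suffix of a compliant but widely reused password.
    reused = "Password123!"
    sample = "0" * 35 + ":3\n" + sha1_split(reused)[1] + ":1200\n"
    print("policy failures:", policy_failures(reused))    # passes the policy
    print("breach count:", breach_count(reused, sample))  # yet is listed
```

A password can satisfy every composition rule and still appear in breach data, which is why the two checks belong together.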
To determine this, Payset analysed the Cybersecurity Breaches Surveys released by the UK Government between 2017 and 2024 and averaged the data to get the number and types of cyberattacks faced by businesses, and the number of businesses that lack password policies.