Latest News

42% of UK businesses surveyed fell victim to a ransomware attack in the last year.

GetApp’s latest study surveyed just under 1,000 employees, regarding their cybersecurity priorities. 86% of the associates surveyed are involved in security decision-making or have full visibility over their company’s cybersecurity measures, these are referred to as cyber-aware employees.

GetApp’s study found that with the ever-increasing threat of cyber attacks, companies are progressively investing in cybersecurity solutions to protect their data. As 61% of cyber-aware employees stated that their company spent more on IT security in 2023 than in 2022.

According to the respondents who are more cyber-aware, careless employees are the biggest security vulnerability their company is currently facing (at 40%). This is followed by cyber supply chain vulnerabilities (35%), susceptibility to phishing/social engineering schemes (31%) and insufficient network security (30%).

The cyber threats that UK businesses are most concerned about include AI-enhanced attacks, advanced email phishing attacks and ransomware attacks.

35% of employees stated that their company has experienced either one or multiple data breaches in the last year. Of those who had experienced a breach, half (50%) said the cause was external, whilst 42% stated that it was due to their database or online data source being accidentally left unsecured. Meanwhile, in 30% of the cases it was caused by theft from an insider.

Ransomware and phishing

The majority of the attacks that manifested were either ransomware or phishing attacks. In the last 12 months, 42% of companies fell victim to a ransomware attack, and in 40% of the attacks, the ransom was over £25,000. However, only 26% ended up paying the ransom. The majority (40%) decrypted the data/removed the ransomware without paying.

74% of employees are aware that people within their company have received phishing emails in the last 12 months. Meanwhile, 56% of those who received phishing emails clicked on the malicious link, despite 43% having received a fake phishing test to help them identify future attacks.

Company protection of data

Security measures utilised by companies to protect their data include:
– Formal cybersecurity risk assessments (59%)
– Data classification (47%)
– Zero-trust network security (39%)
– Privileged access management (38%)
– Network segmentation (35%)

The majority of employees surveyed stated that their company has protective measures in place when accessing IT systems and buildings. 88% use two-factor authentication for business applications, whilst 44% use biometric security measures. Meanwhile, 61% buy cyber insurance as an extra level of safety.

David Jani, Content Analyst at GetApp UK, comments:

“Security protection is still a major concern for UK firms as demonstrated by rising investment in cybersecurity measures. This is likely to have been compounded by a prevalence of serious cyberattacks such as phishing and ransomware, affecting a large number of respondents.
AI is also impacting these concerns, with worries of more sophisticated attacks driven by technology coming to the fore. However, AI is also providing a solution for better security protection, with newer software proving popular with our sample and assisting in tasks such as monitoring and threat detection.

Study Methodology

The data for GetApp’s 2023 Data Security Survey was collected between November 10th and 26th 2023 and comprises answers from 995 respondents. All respondents were UK residents, aged between 18-65 years-old, full-time employees, and work for a company which uses cybersecurity software tools for protection and have some awareness of which tools are used.

About GetApp

GetApp is the recommendation engine small businesses need to make the right software choice. GetApp enables SMEs to achieve their mission by delivering the tailored, data-driven recommendations and insights needed to make informed software purchasing decisions. For more information, visit