British businesses and individuals reported a suspicious email or website every five seconds in 2022, a new report from GCHQ’s National Cyber Security Centre (NCSC).
The report reveals that 7.1 million suspicious emails and URLs were flagged by UK organisations through the NCSC’s free Suspicious Email Reporting Service (SERS) between January 2022 and December 2022 – the equivalent of nearly 20,000 reports a day.
The reports contributed to the direct removal of nearly a quarter of a million (235,000) malicious URLs from the internet by the NCSC since SERS – the first service of its kind globally – launched in April 2020.
It took less than 6 hours on average for the NCSC to remove reported malicious URLs from the internet.
The finding is one of many insights in the sixth annual report from Active Cyber Defence (ACD), a cornerstone programme from the NCSC which takes a “whole-of-society” approach to cyber crime and prevents millions of high-volume cyber attacks from ever reaching UK organisations and citizens each year.
Responding to the report, Suid Adeyanju, CEO, RiverSafe said: “These figures expose the tidal wave of cyber attacks hitting businesses on a daily basis and demonstrate why still so much more needs to be done to ramp up the UK’s cyber defences. The chronic skills gap, challenges around the recruitment pipeline and general lack of cyber awareness across companies means that these threats will continue to hit their mark. Tackling this issue requires a concerted effort, with academic institutions, businesses and the government developing a radical plan to completely transform the country’s cyber strategy.
“This means urgently getting next generation engaged and cyber-aware from a young age, introducing upskilling and reskilling programmes across organisations and most importantly driving diversity and growth in the cyber jobs market,” added Adeyanju.
Jonathon Ellison, NCSC Director for National Resilience and Future Technology, said: “In a cyber threat environment that resembles the Hydra – cut down one attack, another springs up in its place – ACD is once again doing unparalleled work to keep the country safe.
“As this latest report shows, cyber security is not the sole preserve of tech specialists: businesses are increasingly alive to and eager to engage with the cyber risks they face, signing up in swathes to make the most of NCSC data and expertise.
“Small businesses have a key role to play in making it safer to work and live online, which is why we’re making it even easier for them to shore up their defences with accessible, free tools and soon, to manage these effortlessly via our integrated MyNCSC platform.”
Businesses’ growing appetite for cyber security in 2022 led to 39% more organisations signing up for ACD’s free services which are designed to empower users without specialist knowledge or a dedicated security function at work to boost their cyber resilience.
Small businesses constitute 99% of the UK’s business ecosystem and are hence indispensable to national prosperity. They also, however, face a unique set of behavioural barriers, financial pressures and competing priorities to achieving robust cyber security, often not having the expertise or allocated resource to give cyber due attention.