Cyberattacks 'costing the UK economy £14.7 billion' a year 

New research published by the UK Government suggests that the average cost of a significant cyberattack for businesses in the UK could be as high as £195,000.

When looked at on a national level, the annual cost to the UK economy could be £14.7bn or 0.5 per cent of the UK’s gross domestic product (GDP) according to a report from the UK-based auditor KPMG.

The research was released as part of the UK Government’s new cybersecurity bill, designed to bolster the UK’s resilience in the face of growing online threats from criminals and foreign states.  

“As the world becomes more complex and unpredictable, there are also a growing number of aggressors with the means, intent and capability to do the UK harm,” said the report. “The scale of the problem is undeniable.”

In 2024, the National Cyber Security Centre (NCSC) managed, on average, one significant cybercrime incident every two days. These are the incidents defined as having a serious impact on essential services, public safety, or economic stability. 

Additionally, 43 per cent of UK businesses reported experiencing a cybersecurity breach or attack, totalling over 600,000 organisations.  

“Historically, our understanding of the economic impact of cyberattacks has focused on immediate financial costs to affected organisations, such as businesses,” said the report. “This narrow focus risks underestimating the true cost of cyberattacks to the UK economy. To address this, the government funded independent research to better understand and quantify the wider economic impact of cyberattacks on the UK economy.”

According to a report from KPMG, a week-long systematic cyberattack on the UK’s rail network could cost the country up to £1.8bn. The hypothetical attack could result in a direct financial cost to Network Rail of £123m, a cost to passengers in delays of £281.3m and a potential impact on gross value added (GVA) of up to £1.397bn. The estimated GVA impact represents approximately 2.8 per cent of the UK’s total GDP per week and 0.05 per cent of its annual GDP.

Additionally, Alma Economics found that cyberattacks attempting intellectual property and knowledge assets theft cost the UK between £1bn to £8.5bn in 2024 alone. Case studies considered in the report showed that in some cases, intellectual property theft could pose an existential threat to smaller businesses if it is used to develop rival products, enabling larger firms to compete more aggressively on price or leverage stronger marketing and post-sales support.

The reports come as the UK Government ramps up efforts to increase cybersecurity by focusing defences against cyberattacks on water, energy, healthcare, transport and digital services that are considered essential to daily public life.