UK sectors investing the most and least on cyber security in 2018-19

Cyber Security in 2019

In today’s digitally driven economy, IT security has become a central issue for organisations of all sizes. Understandably so, given how a cyber-attack/breach can compromise critical business functions within seconds and leave reputation as well as finances in turmoil.

The frequency and severity can be exhibited by statistics from Hiscox. The insurance provider found that 55% of UK firms have already faced a cyber-attack this year (2019) and losses from breaches have accounted to an astonishing £176,000 on average.  

Cyber Security Investment 2018-19: The Research

Specops Software analysed the latest findings from to see how much 1,091 UK firms from a range of sectors have invested in cyber security during 2018-19 (April 2018 – March 2019).

Additionally, 2018-19 cyber security investment figures were compared to 2017-18 (April 2017 – March 2018), to see if year-on-year cyber security investment had increased or decreased for each of the reviewed sectors.

Cyber Security Investment 2018-19: The Findings

Specops Software found that finance and insurance firms have invested the most on cyber security, at a significant £22,050. This represents an increase of 23% from the previous year (2017-18), where finance and insurance companies were spending £17,900 on average.

Thereafter, firms in health/social care/social work invested the second highest amount on cyber security at £16,800. From the considered sectors, it marked the biggest rise (an astronomical 506%) in cyber security spending when compared to the year before (2017-18) – where the average outlay was only £2,770.

Contrastingly, businesses in the food and hospitality industry invested the least financially, at an average of just £1,080. Despite the low sum, it was still an increase of 20% from 2017-18 – when firms within the sectors were spending £900 on average.   

Specops Software’s four top tips for effectively maintaining high cyber security standards

Review IT Estate

Carry out a regular assessment of IT systems to identify any vulnerabilities that maybe targeted and exposed by opportunistic cyber-criminals.

Education and Governance

Create a formal document which establishes the firm’s best practices and policies on cyber security. Within this, give employees clear guidance on what they can and cannot do on the company’s IT devices/systems/networks.

Safeguard and Protect

Keep anti-virus software up-to-date, apply the latest security patches and enforce password changes when compromise is suspected.

Sharing Intelligence

If your organisation becomes aware of any serious cyber threats that may not only affect the business directly but also competitors, then it would be wise to share this ‘intelligence’ among peers/industry groups. By doing so, you do not only create a network of valuable information exchange but help protect one another from crippling cyber-attacks/breaches.

(Last updated on October 30, 2023)

Back to Blog