InfoSecBulletin Cybersecurity for mankind
Last year, more than 1.5 million UK companies were attacked by cybercriminals, causing them to lose over £31.5 billion ($40 billion), according to a report from business ISP Beaming.
OpenAI Offering $100K Bounties for Critical Vulns
Splunk Alert User RCE and Data Leak Vulns
CIRT alert Situational Awareness for Eid Holidays
Cyberattack on Malaysian airports: PM rejected $10 million ransom
Micropatches released for Windows zero-day leaking NTLM hashes
VMware Patches Authentication Bypass Flaw in Windows Tool
IngressNightmare
Over 40% of cloud environments are vulnerable to RCE
(CVE-2025-29927)
Urgently Patch Your Next.js for Authorization Bypass
Oracle refutes breach after hacker claims 6 million data theft
Russian zero-day seller to offer up to $4 million for Telegram exploits
A company surveyed 500 business leaders in 2023 to find out about security breaches that affected their organization. They were asked about the expenses they incurred in dealing with each incident, which included data recovery, replacing IT assets and personnel, business interruption, lost business, and regulatory penalties.
The median figures for each type of cybercrime and business size provided by respondents were calculated and then multiplied by the total number of businesses, using government data.
The report “Price of Insecurity: The Cost of Business Cybercrime in 2023” shows that the total cost of breaches has increased by 138% since 2019, when it was estimated at £12.8bn.
In 2023, around 27% of UK businesses were targeted by cybercrime. On average, these attacks cost £5500.
Cybercrime rates decreased for the largest and smallest businesses, but increased for all SME segments. Small businesses (11-50) saw the highest increase in victims (42%) and costs (396%) between 2019 and 2023.
“While large businesses are proving more resilient to cybercrime, the cost of breaches is soaring, and SMEs are being hit harder than ever before,” argued Beaming managing director, Sonia Blizzard.
“Businesses are investing in training and technology but they’re under sustained attack. So as the use of technology helps business to grow, the investment in cybersecurity training also needs to be maintained.”
Companies are investing more in cybersecurity, including employee training and tools like firewalls, VPNs, and threat management devices. However, cyber-threats like phishing, malware, and insider threats are still common, affecting a large number of people.
BEC and social engineering were the top threats for cybercriminals, followed by credential stuffing and ransomware.
