Nearly half (46%) of British businesses discovered at least one cybersecurity breach or attack in the past year, a government survey has indicated.
That proportion rose to two-thirds among medium and large companies.
Most often, these breaches involved fraudulent emails being sent to staff or security issues relating to viruses, spyware or malware.
The survey was completed by 1,500 UK businesses and included 30 in-depth interviews.
The government said a “sizeable proportion” of the businesses still did not have “basic protections” in place.
While many had enacted rudimentary technical controls, only one-third had a formal policy covering cybersecurity risks.
Less than a third (29%) had assigned a specific board member to be responsible for cybersecurity.
Businesses’ susceptibility to cyber-attacks was a known issue, noted Prof Andrew Martin at the University of Oxford.
“A lot of businesses have responded to the problem with a box-ticking exercise or by paying an expensive consultant to make them feel better – it’s far from clear that what people are doing is protecting them very well,” he told the BBC.
He added it remained difficult for most people to distinguish malicious emails or websites from safe ones.
“It’s all very well to say don’t open emails from an unknown source – but most of us couldn’t do business if [we] didn’t do that,” he added.
The government’s survey indicates, however, that fewer businesses in 2017 consider cybersecurity to be of “very low priority”. It said 74% now agreed it was a high priority issue for senior management.