Some 36% of businesses in the UK were affected by at least one IT security incident over the course of last year, according to new research.
This figure comes from a Harvey Nash survey of 200 IT security pros (spotted by Computing), and it produced a number of illuminating statistics concerning cybersecurity in the business world.
For example, 24% of respondents said that their company had been hit by a DDoS (or plain Denial of Service) attack during 2015.
However, the most common form of attack was phishing or social engineering at 73%, followed by your traditional malware at 53%.
When it came to the damage these attacks did, just over half of the reported incidents caused some loss of revenue to the business in question. Just over a third (35%) said there was also damage to their reputation in terms of customer confidence being weakened – which can be an even more costly forfeit in the longer term.
Crisis in confidence
The Harvey Nash report also pointed to a lack of general understanding of IT security, and found that many security professionals didn't have much confidence in the big cheeses presiding over their companies.
Indeed, 45% of respondents felt that their board of directors either had a "major gap" in their comprehension of cybersecurity risks, or they just didn't understand the risks at all. And many of those surveyed felt the same way about CEOs and other C-level executives.
Of course, if security in the business world can be regarded as wobbly, then who knows how you'd describe the state of security for consumers – a report which emerged this week on the worst passwords being used in 2015 was the usual complete cringe-fest.
As ever, the most prevalent password was '123456' followed by that old classic, 'password'. That must make security pros just want to give up and go home…