Some 46% of all UK businesses identified at least one cybersecurity breach or attack in the past year, according to a new report from the UK Department for Culture, Media and Sport. That number rises to 66% among medium-sized firms, and 68% among large firms, the report found.

The report is based on a survey of 1,523 UK businesses, as well as 30 interviews with businesses that completed it. Businesses that hold electronic personal data on customers are more likely than average to experience security breaches, with 51% of such businesses suffering from an attack.

Breaches were also common among organizations whose senior managers said they consider cybersecurity a low priority (35%), and even in enterprises where online services are not viewed as core to the business (41%).

SEE: 6 common enterprise cybersecurity threats and how to avoid them

The following breach types were the most common:

1. Fraudulent emails sent to staff (occurred in 72% of cases where firms identified a breach)

2. Viruses, spyware, and malware (33%)

3. People impersonating the organization in emails or online (27%)

4. Ransomware (17%)

“This highlights how, as well as having good technical measures in place, the awareness and vigilance of all staff are important to a business’s cyber security,” the report stated.

Four out of 10 businesses who identified a breach in the past year (representing one-fifth of all businesses surveyed) reported a negative outcome from a cyber breach, such as a temporary loss of files or network access (23%) or systems becoming corrupted (20%).

Breaches also result in financial costs to businesses, the survey found: Among the 46% of enterprises that experienced a breach in the past year, the average business faced costs of £1,570 (or about $2,014) as a result. This number was much higher for the average large firm, at £19,600 (or about $25,139).

Despite these costs, businesses do not often report breaches to law enforcement, the report noted: Only 25% of businesses reported their most disruptive breach externally to anyone other than cybersecurity providers. “The findings suggest that some businesses lack awareness of who to report to, why to report breaches, and what reporting achieves,” the report stated.

It’s clear that enterprises increasingly understand the importance of cybersecurity: Three-quarters of UK businesses say that cybersecurity is a high priority for their senior management, with 31% saying it is a very high priority. However, they must continue to take concrete steps to protect themselves from the sophisticated threats that are currently dominating the landscape.

The 3 big takeaways for TechRepublic readers

1. About half of UK businesses experienced a cybersecurity breach in the past 12 months, according to a new report from the UK Department for Culture, Media and Sport.

2. Fraudulent emails to staff, viruses, people impersonating the organization, and ransomware were the most common types of attacks firms experienced.

3. Businesses often do not report attacks to law enforcement, though that may change as the attacks increase in number.