A fall in businesses identifying cyber security breaches could indicate criminals are carrying out hidden attacks, a Government report has warned.

The average cost to companies that have been hit in the last 12 months is estimated to be £8,460, according to the annual Cyber Security Breaches Survey.

Nearly four in 10 firms (39%) reported incidents for the 2021 study, down from 46% the previous year, while the figure for charities remained unchanged at 26%.

Despite the seemingly positive outcome, organisations are finding it harder to monitor employees as they work from home during the pandemic, meaning companies may be less aware of the breaches and attacks their staff are facing.

Concerns around unidentified activity slipping through the net are backed up as other survey results show leaders have not ramped up cyber defences and upgrading devices remotely has become more difficult.

However, the report notes that reduced trading activity due to the pandemic may also be a contributing factor.

One in five firms (20%) is also using unsupported versions of Windows on computers, posing a significant security risk.

One large organisation revealed that the pandemic meant it was unable to retrieve and upgrade around 70 laptops used by staff running Windows 7, an old operating system which stopped receiving extended support updates from Microsoft in January 2020.

The 2021 survey, carried out by Ipsos Mori for the Department for Digital, Culture, Media and Sport (DCMS), involved 1,419 UK businesses and 487 UK registered charities.

Of those that reported incidents, phishing attacks remain the most common and have risen from 72% among companies in the 2017 survey to 83% in 2021.

Viruses and other malware have fallen from 33% to 9%, while ransomware dropped from 17% to 7%.

Temporary loss of access to files and disruption to websites are the most commonly reported outcomes, at 8% for businesses and 6% for charities.

Digital Infrastructure Minister Matt Warman said: “The pandemic has taken an unavoidable toll on British businesses but we cannot let it disrupt our high cyber security standards.

“With more people working remotely, it is vital firms have the right protections in place, and I urge all organisations to follow the National Cyber Security Centre’s expert guidance so we can build back better and drive a new era of digital growth.”