The number of organizations hit with cyberattacks is rising, according to a new report focused on US and UK businesses.

About 75% of organizations have experienced a serious cyberattack in the past three years — up from 60% last year — according to the 2022 Cyber Security Insights Report conducted by S-RM, a global intelligence and cybersecurity consultancy.

The report, using information from 600 C-suite and IT budget holders from organizations with more than $500 million in revenue, also found that US businesses were slightly more likely to experience a serious cyberattack (77%) than those in the UK (73%), although both markets saw an increase in attacks.

“This is a growing problem and one with serious ramifications for affected organizations,” S-RM board director Jamie Smith said.

The attacks averaged almost $3.4 million in damage, with a reported average direct loss from a serious cyber incident of $1.5 million — which doesn’t take into account the long-term fallout of further financial losses.

“Often businesses will focus on the direct financial impact of a cyber incident, but the indirect impact can be even higher and far more difficult for them to accurately quantify,” Smith said.

Indirect losses, such as reputation damage or ransoms paid by an insurer, were often costlier than the initial incident, averaging $1.87 million. They were higher amongst UK IT leaders ($1.95 million) than US IT leaders ($1.79 million).

The most common impacts of cyber incidents were the result of operational downtime (reported by 40% of respondents), increased insurance premiums (36%), reputational damage (34%), and legal costs (34%).