Business Leaders Are Ignoring Cyber Risks

Many medium-sized businesses in the UK are ignoring the cyber-attacks they are likely to experience, often because they have an incorrect understanding of their company’s cyber competence.
 
Cyber-attacks have cost UK medium-sized businesses with income between £15m and £1bn at least £30bn in the past year, according to a report from advisory firm Grant Thornton.
 
More than half (53%) of the 500 UK medium-sized companies surveyed reported losses equivalent, on average, to between 3% and 10% of revenue after a cyber-attack, and the companies hit hardest had losses of up to 25% of revenue.
 
Despite these attacks, over 60% of the businesses still do not have a director who is responsible for cyber security. The organisations interviewed were also under-prepared in terms of making their people aware of cyber risks, with only one in three (36%) providing all their employees with cyber security training in the past 12 months.

James Arthur, partner and head of cyber consulting at Grant Thornton, said boards had a key role to play in ensuring they had an effective cyber strategy in place.
 
“Putting cyber-crime onto the board’s agenda is one of the most effective ways to minimise the chances of a successful attack and reduce the financial impact if a breach occurs,” he told Computer Weekly.
 
While commitment from the top is vital, Arthur said ensuring employees were properly trained was also essential.
 
“Training to raise employee awareness can have a hugely positive impact on cyber security…so companies of all sizes need to ensure they have regular and ongoing cyber security training in place.”
 
Although almost 70% of respondents felt confident in their ability to respond consistently at any time to a cyber-attack across their entire organisation, the study revealed that over half of the businesses surveyed (59%) did not have a cyber incident response plan in place. It is very important to have a cyber security strategy and tactical plan, the report said.
 
The research also found that companies with an incident response plan in place experienced significantly lower financial losses from a cyber-attack than those without one.
 
The report explains that medium-sized companies are at risk because they have resources and data that make them an attractive target, but they are less likely to implement best-in-class cyber security compared with larger companies.

The study showed that many companies were relying on regular data backups to be able to recover rapidly from cyber incidents.
 
“But with modern ransomware specifically designed to spend up to six months infecting entire networks, including data backups, this cannot be relied upon as a core component of a response plan,” said Arthur.
 
The report identified six key areas that mid-market boards should be focusing on to ensure they are properly prepared:
 
1. Establishing a cyber incident response plan;
2. Regularly rehearsing the response plan using a range of different scenarios;
3. Monitoring and managing the risk posed from their supply chain;
4. Ensuring they understand the terms of their insurance and what is covered;
5. Understanding what “normal” looks like for their business, in terms of application usage, so they can identify any unfamiliar patterns;
6. Investing in regular training and raising their people’s awareness of cyber security.
 
Cyber security need not be expensive, and there is a series of easy ongoing actions that give organisations a much stronger cyber security process going forward.
 
For more information and a very economical and effective review, please contact Cyber Security Intelligence.
 
Computer Weekly: Grant Thornton
 