Cyber Risk & Resilience

Uploaded on 2024-12-20 in NEWS-Cybersecurity News, FREE TO VIEW

Despite the UK Government’s latest figures showing that 74% of mid-to-large UK businesses have experienced cyber crime, IT and financial leaders, working at the UK’s largest firms, often have a very poor comprehension of cyber risk and its financial dangers.

Now, a new survey that has been conducted by the London office of Resilience, a US cyber resilience and insurance business, in partnership with YouGov.

Over 200 financial and IT decision makers across UK businesses, with an annual turnover of more than £100m, were questioned on their management of cyber risk and the finding are here. The key findings include:

72% of business leaders identified data breaches as their primary concern, highlighting their concern to comply with increasing regulation, overshadowing ransomware (47%), though ransomware drives greater financial loss.

Nearly half (47%) of UK firms experienced vendor-related outages lasting 12+ hours, highlighting third-party risks.

When considering measures companies can take to mitigate the impact of cyber incidents, only 62% of leaders determined any one measure effective.

Only 54% of surveyed firms use quantitative risk registries, limiting their ability to financially assess cyber risk.

Resurgence of ‘big-game hunting’, with cyber criminals focusing on larger targets, also means that growing mid-sized firms are increasing becoming targets and they lack the resources or budget to deal with third-party attacks effectively

The research reveals a clear lack of understanding by UK business leaders of the significant potential financial losses if cyber risk is not properly addressed and suggests that Chief Information Security Officers (CISOs) need to engage more directly with the C-suite to help them get a stronger grip on the significant threat posed by cyber attacks.

In particular, he survey found that only 54% of businesses kept quantitative risk registries, limiting their ability to oversee the financial ramifications of cyber attacks.

Quantifying cyber risk enables business leaders to prioritise security controls and insurance more effectively, optimise their return on investment, and minimise the likelihood of significant financial losses. When considering measures companies can take to mitigate the impact of cyber incidents, no more than 62% of leaders determined any one measure effective, with education on cyber security (e.g. among staff) the most commonly identified measure.

Other findings from include:

Business interruption (38%) and data breaches (37%) were the leading insurance claims firms filed for.

Despite 93% of businesses surveyed having cyber insurance, only 45% of leaders claimed it was effective in reducing losses.

IT leaders generally showed higher cyber literacy levels than financial leaders.

Business interruption (72%) was a larger concern for companies with an annual turnover of less than £250m, with these companies facing more breaches.

30% of businesses did not file any claims despite having cyber insurance.

CEO and co-founder of Resilience, Vishaal ‘V8’ Hariprasad commented “Cyber risk has become an undeniable reality for businesses of all sizes, yet our findings highlight a concerning gap in understanding and preparedness, particularly in how leaders assess and manage these risks as financial risks...

“By quantifying and modelling potential impacts, investing in effective mitigation strategies, and ensuring return on investment on cyber insurance, business leaders can receive real value in countering cybercrime ... Only by bridging these gaps can businesses stay resilient in the face of growing threats.”

Image: Ideogram

You Might Also Read:

The Critical Priorities For CIOs In 2025:

If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.