Cyber Risk & Resilience

Despite the UK Government’s latest figures showing that 74% of mid-to-large UK businesses have experienced cyber crime, IT and financial leaders, working at the UK’s largest firms, often have a very poor comprehension of cyber risk and its financial dangers. 

Now, a new survey that has been  conducted by the London office of Resilience, a US cyber resilience and insurance business, in partnership with YouGov. 

Over 200 financial and IT decision makers across UK businesses, with an annual turnover of more than £100m, were questioned on their management of cyber risk and the finding are here. The key findings include:   

  • 72% of business leaders identified data breaches as their primary concern, highlighting their concern to comply with increasing regulation, overshadowing ransomware (47%), though ransomware drives greater financial loss.
  • Nearly half (47%) of UK firms experienced vendor-related outages lasting 12+ hours, highlighting third-party risks.
  • When considering measures companies can take to mitigate the impact of cyber incidents, only 62% of leaders determined any one measure effective.
  • Only 54% of surveyed firms use quantitative risk registries, limiting their ability to financially assess cyber risk.
  • Resurgence of ‘big-game hunting’, with cyber criminals focusing on larger targets, also means that growing mid-sized firms are increasing becoming targets and they lack the resources or budget to deal with third-party attacks effectively 

The research reveals a clear lack of understanding by UK business leaders of the significant potential financial losses if cyber risk is not properly addressed and suggests that Chief Information Security Officers (CISOs) need to engage more directly with the C-suite to help them get a stronger grip on the significant threat posed by cyber attacks. 

In particular, he survey found that only 54% of businesses kept quantitative risk registries, limiting their ability to oversee the financial ramifications of cyber attacks. 

Quantifying cyber risk enables business leaders to prioritise security controls and insurance more effectively, optimise their return on investment, and minimise the likelihood of significant financial losses. When considering measures companies can take to mitigate the impact of cyber incidents, no more than 62% of leaders determined any one measure effective, with education on cyber security (e.g. among staff) the most commonly identified measure.

Other findings from include: 

  • Business interruption (38%) and data breaches (37%) were the leading insurance claims firms filed for. 
  • Despite 93% of businesses surveyed having cyber insurance, only 45% of leaders claimed it was effective in reducing losses. 
  • IT leaders generally showed higher cyber literacy levels than financial leaders. 
  • Business interruption (72%) was a larger concern for companies with an annual turnover of less than £250m, with these companies facing more breaches. 
  • 30% of businesses did not file any claims despite having cyber insurance. 

CEO and co-founder of Resilience, Vishaal ‘V8’ Hariprasad commented “Cyber risk has become an undeniable reality for businesses of all sizes, yet our findings highlight a concerning gap in understanding and preparedness, particularly in how leaders assess and manage these risks as financial risks... 

“By quantifying and modelling potential impacts, investing in effective mitigation strategies, and ensuring return on investment on cyber insurance, business leaders can receive real value in countering cybercrime ... Only by bridging these gaps can businesses stay resilient in the face of growing threats.”

Image: Ideogram

You Might Also Read: 

The Critical Priorities For CIOs In 2025:


If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

 

« General Motors Writes-Off $5bn On Robot Taxis
A Guide to Understanding Market-Leading Data Storage Solutions »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Oracle Cloud Security

Oracle Cloud Security

Oracle’s cloud security solutions enable organizations to implement and manage consistent security policies across the hybrid data center.

Leibniz-Rechenzentrum (LRZ)

Leibniz-Rechenzentrum (LRZ)

The LRZ supports ground-breaking research and teaching in a wide range of scientific disciplines including information security and data protection.

CybergymIEC

CybergymIEC

CybergymIEC is a global leader in cyber defense solutions and training services.

PRODAFT

PRODAFT

PRODAFT, Proactive Defense Against Future Threats, is a cyber security and cyber intelligence company providing solutions to commercial customers and government institutions.

SparkLabs Cyber + Blockchain

SparkLabs Cyber + Blockchain

SparkLabs Cyber + Blockchain accelerator is located in Washington D.C. which is one of the world's top cybersecurity ecosystems.

Next47

Next47

Next47 is a global venture firm, backed by Siemens, committed to turning today's impossible ideas into tomorrow's indispensable industries.

Keyavi Data

Keyavi Data

With Keyavi’s evolutionary data protection technology, your data stays within the bounds of your control in perpetuity.

Across Verticals

Across Verticals

Across Verticals is a boutique cyber security consulting firm that specializes in holistic, deeply technical and end to end cyber security advisory services based on industry best practices.

Infuse Technology

Infuse Technology

Infuse Technology provide the highest level of cybersecurity support, implementing practical solutions to protect against cyber-attacks, from simple phishing scams to complex data security breaches.

Singtel Innov8

Singtel Innov8

Singtel Innov8, the venture capital arm of the Singtel Group, invests in and partners with innovative technology start-ups globally.

Utimaco

Utimaco

UTIMACO develops on-premises and cloud-based hardware security modules, solutions for key management, data protection and identity management as well as data intelligence solutions.

Cloudflare

Cloudflare

Cloudflare is a global network designed to make everything you connect to the Internet secure, private, fast, and reliable.

Anatomy IT

Anatomy IT

Anatomy IT empowers healthcare providers to deliver exceptional patient care with cutting-edge technology and cybersecurity solutions.

Royal United Services Institute (RUSI)

Royal United Services Institute (RUSI)

The Royal United Services Institute is an independent think tank engaged in cutting edge defence and security research. Areas of research include cyber security and resilience.

BARR Advisory

BARR Advisory

At BARR Advisory, we build trust through cyber resilience. We help protect the world’s data, people, and information networks through a human-first approach to cybersecurity and compliance.

at-yet (@-yet)

at-yet (@-yet)

at-yet are an interdisciplinary team of experts. We are all about achieving results, whatever the situation – an acute incident, risk minimisation, safeguarding or data protection.