Cyber Risk & Resilience

Despite the UK Government’s latest figures showing that 74% of mid-to-large UK businesses have experienced cyber crime, IT and financial leaders, working at the UK’s largest firms, often have a very poor comprehension of cyber risk and its financial dangers. 

Now, a new survey that has been  conducted by the London office of Resilience, a US cyber resilience and insurance business, in partnership with YouGov. 

Over 200 financial and IT decision makers across UK businesses, with an annual turnover of more than £100m, were questioned on their management of cyber risk and the finding are here. The key findings include:   

  • 72% of business leaders identified data breaches as their primary concern, highlighting their concern to comply with increasing regulation, overshadowing ransomware (47%), though ransomware drives greater financial loss.
  • Nearly half (47%) of UK firms experienced vendor-related outages lasting 12+ hours, highlighting third-party risks.
  • When considering measures companies can take to mitigate the impact of cyber incidents, only 62% of leaders determined any one measure effective.
  • Only 54% of surveyed firms use quantitative risk registries, limiting their ability to financially assess cyber risk.
  • Resurgence of ‘big-game hunting’, with cyber criminals focusing on larger targets, also means that growing mid-sized firms are increasing becoming targets and they lack the resources or budget to deal with third-party attacks effectively 

The research reveals a clear lack of understanding by UK business leaders of the significant potential financial losses if cyber risk is not properly addressed and suggests that Chief Information Security Officers (CISOs) need to engage more directly with the C-suite to help them get a stronger grip on the significant threat posed by cyber attacks. 

In particular, he survey found that only 54% of businesses kept quantitative risk registries, limiting their ability to oversee the financial ramifications of cyber attacks. 

Quantifying cyber risk enables business leaders to prioritise security controls and insurance more effectively, optimise their return on investment, and minimise the likelihood of significant financial losses. When considering measures companies can take to mitigate the impact of cyber incidents, no more than 62% of leaders determined any one measure effective, with education on cyber security (e.g. among staff) the most commonly identified measure.

Other findings from include: 

  • Business interruption (38%) and data breaches (37%) were the leading insurance claims firms filed for. 
  • Despite 93% of businesses surveyed having cyber insurance, only 45% of leaders claimed it was effective in reducing losses. 
  • IT leaders generally showed higher cyber literacy levels than financial leaders. 
  • Business interruption (72%) was a larger concern for companies with an annual turnover of less than £250m, with these companies facing more breaches. 
  • 30% of businesses did not file any claims despite having cyber insurance. 

CEO and co-founder of Resilience, Vishaal ‘V8’ Hariprasad commented “Cyber risk has become an undeniable reality for businesses of all sizes, yet our findings highlight a concerning gap in understanding and preparedness, particularly in how leaders assess and manage these risks as financial risks... 

“By quantifying and modelling potential impacts, investing in effective mitigation strategies, and ensuring return on investment on cyber insurance, business leaders can receive real value in countering cybercrime ... Only by bridging these gaps can businesses stay resilient in the face of growing threats.”

Image: Ideogram

You Might Also Read: 

The Critical Priorities For CIOs In 2025:


If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

 

« General Motors Writes-Off $5bn On Robot Taxis
A Guide to Understanding Market-Leading Data Storage Solutions »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Cloud Foundry Foundation (CFF)

Cloud Foundry Foundation (CFF)

Cloud Foundry supports the full application development lifecycle, from inception, through all testing stages, to deployment.

RoboForm

RoboForm

RoboForm's industry-leading encryption technology securely stores your passwords, with one Master Password serving as your encryption key.

ISO Quality Services Ltd

ISO Quality Services Ltd

ISO Quality Services is an independent organisation that specialises in the implementation, certification and continued auditing of ISO and BS EN Management Standards including ISO 27001..

Guardtime

Guardtime

Guardtime's Black Lantern platform provides real-time cybersecurity and data-centric asset protection.

DigitalXRaid

DigitalXRaid

DigitalXRAID is driven and motivated to ensure the bad guys don’t win. We’re dedicated to providing our clients with state-of-the-art cyber security solutions.

Mosaic 451

Mosaic 451

Mosaic451 is a bespoke IT managed services provider and consultancy specializing in information security, operations and design.

SynerLeap

SynerLeap

SynerLeap is ABB's innovation growth hub. Our aim is to help startups accelerate and expand across industries, ranging from industrial automation and robotics to grid technologies and smart cities.

Enterprise Incubator Foundation (EIF)

Enterprise Incubator Foundation (EIF)

Enterprise Incubator Foundation (EIF) of Armenia is one of the largest technology business incubators and IT development agencies in the region.

Macquarie Telecom Group

Macquarie Telecom Group

Macquarie Telecom is Australia's datacentre, cloud, cyber security and telecom company for mid-large business and government customers.

Rostelecom

Rostelecom

Rostelecom is Russia’s largest integrated provider of digital services and solutions, covering all market segments including consumer, governmental and private organizations.

Intel

Intel

Intel products are engineered with built-in security technologies to help protect potential attack surfaces.

Venustech

Venustech

Venustech is a leading provider of network security products, trusted security management platforms, specialized security services and solutions.

Cyber Insurance Academy

Cyber Insurance Academy

Cyber Insurance Academy was founded to provide insurance professionals with the knowledge needed to work in cyber-insurance and cyber-related insurance fields.

Verica

Verica

Verica uses chaos engineering to make systems more secure and less vulnerable to costly incidents.

AdviserCyber

AdviserCyber

AdviserCyber provide Cybersecurity and Compliance Solutions for Registered Investment Advisers.

Sage IT

Sage IT

Sage IT offer a wide range of professional and consulting services to help organizations overcome the challenges of today's ever-changing business environment.