Cyber Risk & Resilience

Uploaded on 2024-12-20 in NEWS-Cybersecurity News, FREE TO VIEW

Despite the UK Government’s latest figures showing that 74% of mid-to-large UK businesses have experienced cyber crime, IT and financial leaders, working at the UK’s largest firms, often have a very poor comprehension of cyber risk and its financial dangers. 

Now, a new survey that has been  conducted by the London office of Resilience, a US cyber resilience and insurance business, in partnership with YouGov. 

Over 200 financial and IT decision makers across UK businesses, with an annual turnover of more than £100m, were questioned on their management of cyber risk and the finding are here. The key findings include:   

  • 72% of business leaders identified data breaches as their primary concern, highlighting their concern to comply with increasing regulation, overshadowing ransomware (47%), though ransomware drives greater financial loss.
  • Nearly half (47%) of UK firms experienced vendor-related outages lasting 12+ hours, highlighting third-party risks.
  • When considering measures companies can take to mitigate the impact of cyber incidents, only 62% of leaders determined any one measure effective.
  • Only 54% of surveyed firms use quantitative risk registries, limiting their ability to financially assess cyber risk.
  • Resurgence of ‘big-game hunting’, with cyber criminals focusing on larger targets, also means that growing mid-sized firms are increasing becoming targets and they lack the resources or budget to deal with third-party attacks effectively 

The research reveals a clear lack of understanding by UK business leaders of the significant potential financial losses if cyber risk is not properly addressed and suggests that Chief Information Security Officers (CISOs) need to engage more directly with the C-suite to help them get a stronger grip on the significant threat posed by cyber attacks. 

In particular, he survey found that only 54% of businesses kept quantitative risk registries, limiting their ability to oversee the financial ramifications of cyber attacks. 

Quantifying cyber risk enables business leaders to prioritise security controls and insurance more effectively, optimise their return on investment, and minimise the likelihood of significant financial losses. When considering measures companies can take to mitigate the impact of cyber incidents, no more than 62% of leaders determined any one measure effective, with education on cyber security (e.g. among staff) the most commonly identified measure.

Other findings from include: 

  • Business interruption (38%) and data breaches (37%) were the leading insurance claims firms filed for. 
  • Despite 93% of businesses surveyed having cyber insurance, only 45% of leaders claimed it was effective in reducing losses. 
  • IT leaders generally showed higher cyber literacy levels than financial leaders. 
  • Business interruption (72%) was a larger concern for companies with an annual turnover of less than £250m, with these companies facing more breaches. 
  • 30% of businesses did not file any claims despite having cyber insurance. 

CEO and co-founder of Resilience, Vishaal ‘V8’ Hariprasad commented “Cyber risk has become an undeniable reality for businesses of all sizes, yet our findings highlight a concerning gap in understanding and preparedness, particularly in how leaders assess and manage these risks as financial risks... 

“By quantifying and modelling potential impacts, investing in effective mitigation strategies, and ensuring return on investment on cyber insurance, business leaders can receive real value in countering cybercrime ... Only by bridging these gaps can businesses stay resilient in the face of growing threats.”

Image: Ideogram

You Might Also Read: 

The Critical Priorities For CIOs In 2025:

If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

 

« General Motors Writes-Off $5bn On Robot Taxis
A Guide to Understanding Market-Leading Data Storage Solutions »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Security Compass

Security Compass

Security Compass, the Security by Design Company, enables organizations to shift left and build secure applications by design, integrated directly with existing DevSecOps tools and workflows.

Cyber Risk Policies

Cyber Risk Policies

CyberRiskPolicy.com is a joint venture between the Poindexter Surety Group of companies and Gibbs Cyber Security.

Idemia

Idemia

Idemia is a global leader in security and identity solutions.

MSG Systems

MSG Systems

MSG are committed to intelligent IT and industry solutions and offer independent consulting on all aspects of information security.

DXC Technology

DXC Technology

DXC Technology helps global companies run their mission critical systems and operations while modernizing IT, optimizing data architectures, and ensuring security and scalability.

Cybernetic Global Intelligence (CGI)

Cybernetic Global Intelligence (CGI)

CGI is a global IT Security firm that helps companies protect their data and minimize their vulnerability to cyber threats through a range of services such as Security Audits and Managed Services.

Certis

Certis

Certis is a leading advanced integrated security organisation that develops and delivers multi-disciplinary security and integrated services.

WhiteHawk

WhiteHawk

WhiteHawk is the first online Cyber Security Exchange. We help you understand your cyber risk and match you to tailored and affordable solutions.

Truvantis

Truvantis

Truvantis is a cybersecurity consulting organization providing best-in-class cybersecurity services to secure your organization’s infrastructure, data, operations and products.

Oman Technology Fund (OTF)

Oman Technology Fund (OTF)

Oman Technology Fund aims to make Oman the preferred destination for emerging tech companies in the region, and an attractive and stimulating destination for venture capital.

International Association of Financial Crimes Investigators (IAFCI)

International Association of Financial Crimes Investigators (IAFCI)

International Association of Financial Crimes Investigators provides services and information about financial fraud, fraud investigation and fraud prevention.

Mitigo Group

Mitigo Group

Mitigo offers a well considered and effective approach to keeping businesses completely secure from any digital attacks.

Lasso Security

Lasso Security

Lasso Security is a pioneer cybersecurity company ensuring comprehensive protection for businesses leveraging generative AI and other large language model technologies.

Venticento

Venticento

Venticento is an IT company specialized in consulting and network support and assistance for companies that need to make their business processes more effective.

DataProof Communications

DataProof Communications

DataProof Communications is Cybersecurity Company specialising in cybersecurity operations, incident management and response best practices and technologies.

Blind Insight

Blind Insight

Field-level searchable encryption plus fine-grained programmable access controls. All wrapped neatly in developer-friendly APIs and SDKs. Data protection perfection.