Business Leaders Are Ignoring Cyber Risks

Uploaded on 2019-07-24 in TECHNOLOGY--Resilience, FREE TO VIEW

Many medium sized businesses in the UK are ignoring the cyber security attacks they are likely to experience as they often have an incorrect understanding of their company’s cyber competence.  
 
The UK’s cyber-attacks have cost medium sized businesses with income between £15m and £1bn at least £30bn in the past year, a report from advisory firm Grant Thornton.
 
More than half (53%) of the UK’s 500 medium sized companies that were talked to have on average reported losses equivalent to between 3% and 10% of revenue after a cyber-attacks and the companies hit hardest had losses up to 25% of revenue.
 
Apparently regardless of these attacks over 60% of the businesses still do not have a Director who is responsible for cyber security. The organisations interviewed were also under-prepared in terms of making their people aware of cyber risks, with only one in three (36%) providing all their employees with cyber security training in the past 12 months. James Arthur, partner and head of cyber consulting at Grant Thornton, said boards had a key role to play in ensuring they had an effective cyber strategy in place.
 
“Putting cyber-crime onto the board’s agenda is one of the most effective ways to minimise the chances of a successful attack and reduce the financial impact if a breach occurs.” he told Compuetr Weekly.
 
While commitment from the top is vital, Arthur said ensuring employees were properly trained was also essential.
 
“Training to raise employee awareness can have a hugely positive impact on cyber security…so companies of all sizes need to ensure they have regular and ongoing cyber security training in place.”
 
Almost 70% of the company’s respondents felt confident in their ability to respond consistently at any time to a cyber-attack across their entire organisation, the study revealed that over half of the businesses surveyed did not have a cyber incident response plan in place (59%). It is very important to have a cyber security strategy and tactical plan, the report said.
 
The research also found that companies with an incident response plan in place experienced significantly lower financial losses from a cyber-attack than those without one.
 
The report explains that medium sized companies are at risk because they have resources and data that make them an attractive target but they are less likely to implement best-in-class cyber security compared with larger companies.
The study showed that many companies were relying on regular data backups to be able to recover rapidly from cyber incidents.
 
“But with modern ransomware specifically designed to spend up to six months infecting entire networks, including data backups, this cannot be relied upon as a core component of a response plan,” said Arthur.
 
The report identified six key areas that mid-market boards should be focusing on to ensure they are properly prepared:
 
1. Establishing a cyber incident response plan;
2. Regularly rehearsing the response plan using a range of different scenarios;
3. Monitoring and managing the risk posed from their supply chain;
4. Ensuring they understand the terms of their insurance and what is covered;
5. Understanding what “normal” looks like for their business, in terms of application usage, so they can identify any unfamiliar patterns;
6. Investing in regular training and raising their people’s awareness of cyber security.
 
Cyber security need not be expensive and there are a series of easy on-going actions that give organisations a much stronger cyber security process going forward. 
 
 For more information and a very economic and effective review please contact: Cyber Security Intelligence 
 
Computer Weekly:         Grant Thornton
 
You Might Also Read:
 
Ten Reasons Why Senior Managers Need To Understand Cyber Security:
 
 
 
 
« Privacy: Can You Trust FaceApp With Your Face?
From Ciphers To Cyber Security »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall And Why Does It Matter

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall And Why Does It Matter

See how to use next-generation firewalls (NGFWs) and how they boost your security posture.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Paladion

Paladion

Paladion is a provider of managed IT security services.

INCIBE-CERT

INCIBE-CERT

INCIBE-CERT is the reference security incident response center for citizens and private law entities in Spain

National Intelligence Service (NIS) - South Korea

National Intelligence Service (NIS) - South Korea

The NIS oversees policy on cyber security in South Korea by formulating and coordinating the execution of such policy and devising necessary schemes and guidelines.

Netrix

Netrix

Netrix is a Mexican company specialized in IT Security, with more than 18 years of experience in Managed Services, Professional Services and Turnkey Solutions related to Security.

Cyber Covered

Cyber Covered

Cyber Covered provide complete website & data cover with market leading cyber insurance and powerful compliance software in one affordable package.

Rule4

Rule4

Rule4 is a global professional services firm that provides practical, real-world knowledge and solutions in areas including cybersecurity, AI, Machine Learning and industrial control systems.

CNS Group

CNS Group

CNS Group provides industry leading cyber security though managed security services, penetration testing, consulting and compliance.

Expel

Expel

Expel provide transparent managed security services, 24x7 detection, response and resilience.

RevBits

RevBits

RevBits provides high-performance cybersecurity solutions including email security, endpoint security, deception technology and PAM solution to enterprise companies and public sector organizations.

Smoothstack

Smoothstack

Smoothstack is a technology talent incubator whose immersive training program kick starts IT careers and delivers a fresh source of IT talent.

DoControl

DoControl

DoControl gives organizations the automated, self-service tools they need for SaaS applications data access monitoring, orchestration, and remediation.

Neosec

Neosec

We’re reinventing API security. Understanding behavior requires data, analytics, and intelligence. Neosec brings XDR techniques to application security.

CCX Technologies

CCX Technologies

CCX Technologies design and develop a wide range of cybersecurity and testing solutions for the aviation, and military and government markets.

Cryptr

Cryptr

Cryptr provides plug and play authentication to manage all your authentication strategies in one place with just a few lines of code.

Cyber Capital Partners

Cyber Capital Partners

Cyber Capital Partners build strategic and financial partnerships with small and mid-sized cybersecurity companies in highly regulated markets.

Auxilion

Auxilion

Auxilion is an award-winning provider of consulting and IT support services, technologies and consulting for public and private organisations in the UK and Ireland.