Business Leaders Are Ignoring Cyber Risks

Uploaded on 2019-07-24 in TECHNOLOGY--Resilience, FREE TO VIEW

Many medium sized businesses in the UK are ignoring the cyber security attacks they are likely to experience as they often have an incorrect understanding of their company’s cyber competence.  
 
The UK’s cyber-attacks have cost medium sized businesses with income between £15m and £1bn at least £30bn in the past year, a report from advisory firm Grant Thornton.
 
More than half (53%) of the UK’s 500 medium sized companies that were talked to have on average reported losses equivalent to between 3% and 10% of revenue after a cyber-attacks and the companies hit hardest had losses up to 25% of revenue.
 
Apparently regardless of these attacks over 60% of the businesses still do not have a Director who is responsible for cyber security. The organisations interviewed were also under-prepared in terms of making their people aware of cyber risks, with only one in three (36%) providing all their employees with cyber security training in the past 12 months. James Arthur, partner and head of cyber consulting at Grant Thornton, said boards had a key role to play in ensuring they had an effective cyber strategy in place.
 
“Putting cyber-crime onto the board’s agenda is one of the most effective ways to minimise the chances of a successful attack and reduce the financial impact if a breach occurs.” he told Compuetr Weekly.
 
While commitment from the top is vital, Arthur said ensuring employees were properly trained was also essential.
 
“Training to raise employee awareness can have a hugely positive impact on cyber security…so companies of all sizes need to ensure they have regular and ongoing cyber security training in place.”
 
Almost 70% of the company’s respondents felt confident in their ability to respond consistently at any time to a cyber-attack across their entire organisation, the study revealed that over half of the businesses surveyed did not have a cyber incident response plan in place (59%). It is very important to have a cyber security strategy and tactical plan, the report said.
 
The research also found that companies with an incident response plan in place experienced significantly lower financial losses from a cyber-attack than those without one.
 
The report explains that medium sized companies are at risk because they have resources and data that make them an attractive target but they are less likely to implement best-in-class cyber security compared with larger companies.
The study showed that many companies were relying on regular data backups to be able to recover rapidly from cyber incidents.
 
“But with modern ransomware specifically designed to spend up to six months infecting entire networks, including data backups, this cannot be relied upon as a core component of a response plan,” said Arthur.
 
The report identified six key areas that mid-market boards should be focusing on to ensure they are properly prepared:
 
1. Establishing a cyber incident response plan;
2. Regularly rehearsing the response plan using a range of different scenarios;
3. Monitoring and managing the risk posed from their supply chain;
4. Ensuring they understand the terms of their insurance and what is covered;
5. Understanding what “normal” looks like for their business, in terms of application usage, so they can identify any unfamiliar patterns;
6. Investing in regular training and raising their people’s awareness of cyber security.
 
Cyber security need not be expensive and there are a series of easy on-going actions that give organisations a much stronger cyber security process going forward. 
 
 For more information and a very economic and effective review please contact: Cyber Security Intelligence 
 
Computer Weekly:         Grant Thornton
 
You Might Also Read:
 
Ten Reasons Why Senior Managers Need To Understand Cyber Security:
 
 
 
 
« Privacy: Can You Trust FaceApp With Your Face?
From Ciphers To Cyber Security »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

European Internet Forum (EIF)

European Internet Forum (EIF)

EIF’s mission is to help provide European political leadership for the political, economic and social challenges of the worldwide digital transformation.

ReadWrite

ReadWrite

ReadWrite is a leading media platform dedicated to IoT and the Connected World.

Cyber Together

Cyber Together

Cyber Together is dedicated to advancing the cyber security industry by giving businesses access to Israel’s leaders, innovators and great minds in the field of cyber security.

CLUSIL

CLUSIL

CLUSIL is an association for the information security industry in Luxembourg.

CERTuy

CERTuy

CERTuy is the national Computer Emergency Response Team for Uruguay.

Oxford BioChronometrics

Oxford BioChronometrics

By building profiles based on electronically Defined Natural Attributes, or e-DNA, Oxford BioChronometrics protects digital networks, communities, individuals and other online assets from fraud.

KIOS Center of Excellence (KIOS CoE)

KIOS Center of Excellence (KIOS CoE)

KIOS carries out top level research in the area of Information and Communication Technologies (ICT) with emphasis on the Monitoring, Control and Security of Critical Infrastructures.

Red Sift

Red Sift

Red Sift is the only integrated cloud email and brand protection platform, supporting organizations to secure their communications.

Kymatio

Kymatio

Kymatio are pioneers in Artificial Intelligence applied to adaptive staff strengthening, cultural change and predictive internal risk analysis.

Anitian

Anitian

The Anitian Compliance Automation platform builds, configures, and monitors cloud environments to accelerate compliance for standards such as FedRAMP, PCI, ISO/GDPR and CJIS.

Jit

Jit

Jit empowers developers to own security for the product they are building from day zero.

Timus Networks

Timus Networks

Timus Networks enables today's work from anywhere organizations to secure their networks very easily and cost effectively.

SpireTec Solutions

SpireTec Solutions

SpireTec Solutions is an IT management training company offering 1500+ courses with state of art training facilities backed by a team of industry experts in various domains including cybersecurity.

Telesystem

Telesystem

Telesystem empowers businesses across the USA with a range of innovative network, communication and collaboration solutions.

NextGen Cyber Talent

NextGen Cyber Talent

NextGen Cyber Talent is a non-profit providing a platform to increase diversity and inclusion in the cybersecurity industry.

Reach Security

Reach Security

Reach is the first generative AI platform purpose-built to empower enterprise security teams. With Reach, organizations measure, manage, and improve their enterprise security posture at scale.