Business Leaders Are Ignoring Cyber Risks

Many medium-sized businesses in the UK are ignoring the cyber attacks they are likely to experience, often because they have an incorrect understanding of their company’s cyber competence.
 
Cyber-attacks have cost UK medium-sized businesses with income between £15m and £1bn at least £30bn in the past year, according to a report from advisory firm Grant Thornton.
 
More than half (53%) of the 500 UK medium-sized companies surveyed reported losses that were, on average, equivalent to between 3% and 10% of revenue after a cyber-attack, and the companies hit hardest had losses of up to 25% of revenue.
 
Regardless of these attacks, over 60% of the businesses apparently still do not have a director who is responsible for cyber security. The organisations interviewed were also under-prepared in terms of making their people aware of cyber risks, with only one in three (36%) providing all their employees with cyber security training in the past 12 months. James Arthur, partner and head of cyber consulting at Grant Thornton, said boards had a key role to play in ensuring they had an effective cyber strategy in place.
 
“Putting cyber-crime onto the board’s agenda is one of the most effective ways to minimise the chances of a successful attack and reduce the financial impact if a breach occurs,” he told Computer Weekly.
 
While commitment from the top is vital, Arthur said ensuring employees were properly trained was also essential.
 
“Training to raise employee awareness can have a hugely positive impact on cyber security…so companies of all sizes need to ensure they have regular and ongoing cyber security training in place.”
 
Although almost 70% of respondents felt confident in their ability to respond consistently at any time to a cyber-attack across their entire organisation, the study revealed that over half (59%) of the businesses surveyed did not have a cyber incident response plan in place. It is very important to have a cyber security strategy and tactical plan, the report said.
 
The research also found that companies with an incident response plan in place experienced significantly lower financial losses from a cyber-attack than those without one.
 
The report explains that medium-sized companies are at risk because they have resources and data that make them an attractive target, but they are less likely to implement best-in-class cyber security compared with larger companies.
The study showed that many companies were relying on regular data backups to be able to recover rapidly from cyber incidents.
 
“But with modern ransomware specifically designed to spend up to six months infecting entire networks, including data backups, this cannot be relied upon as a core component of a response plan,” said Arthur.
 
The report identified six key areas that mid-market boards should be focusing on to ensure they are properly prepared:
 
1. Establishing a cyber incident response plan;
2. Regularly rehearsing the response plan using a range of different scenarios;
3. Monitoring and managing the risk posed from their supply chain;
4. Ensuring they understand the terms of their insurance and what is covered;
5. Understanding what “normal” looks like for their business, in terms of application usage, so they can identify any unfamiliar patterns;
6. Investing in regular training and raising their people’s awareness of cyber security.
 
Cyber security need not be expensive, and there is a series of easy, ongoing actions that give organisations a much stronger cyber security process going forward.
 
For more information and a very economic and effective review please contact: Cyber Security Intelligence

Computer Weekly: Grant Thornton
 
