Cyber Risk & Resilience

Despite the UK Government’s latest figures showing that 74% of mid-to-large UK businesses have experienced cyber crime, IT and financial leaders at the UK’s largest firms often have a very poor comprehension of cyber risk and its financial dangers.

Now, a new survey has been conducted by the London office of Resilience, a US cyber resilience and insurance business, in partnership with YouGov.

Over 200 financial and IT decision makers across UK businesses with an annual turnover of more than £100m were questioned on their management of cyber risk, and the findings are here. The key findings include:

  • 72% of business leaders identified data breaches as their primary concern, reflecting pressure to comply with increasing regulation; this overshadowed ransomware (47%), even though ransomware drives greater financial loss.
  • Nearly half (47%) of UK firms experienced vendor-related outages lasting 12+ hours, highlighting third-party risks.
  • When considering measures companies can take to mitigate the impact of cyber incidents, only 62% of leaders determined any one measure effective.
  • Only 54% of surveyed firms use quantitative risk registries, limiting their ability to financially assess cyber risk.
  • Resurgence of ‘big-game hunting’, with cyber criminals focusing on larger targets, also means that growing mid-sized firms are increasingly becoming targets, and they lack the resources or budget to deal with third-party attacks effectively.

The research reveals a clear lack of understanding by UK business leaders of the significant potential financial losses if cyber risk is not properly addressed and suggests that Chief Information Security Officers (CISOs) need to engage more directly with the C-suite to help them get a stronger grip on the significant threat posed by cyber attacks. 

In particular, the survey found that only 54% of businesses kept quantitative risk registries, limiting their ability to oversee the financial ramifications of cyber attacks.

Quantifying cyber risk enables business leaders to prioritise security controls and insurance more effectively, optimise their return on investment, and minimise the likelihood of significant financial losses. When considering measures companies can take to mitigate the impact of cyber incidents, no more than 62% of leaders determined any one measure effective, with education on cyber security (e.g. among staff) the most commonly identified measure.

Other findings include:

  • Business interruption (38%) and data breaches (37%) were the leading insurance claims firms filed for. 
  • Despite 93% of businesses surveyed having cyber insurance, only 45% of leaders claimed it was effective in reducing losses. 
  • IT leaders generally showed higher cyber literacy levels than financial leaders. 
  • Business interruption (72%) was a larger concern for companies with an annual turnover of less than £250m, with these companies facing more breaches. 
  • 30% of businesses did not file any claims despite having cyber insurance. 

CEO and co-founder of Resilience, Vishaal ‘V8’ Hariprasad, commented: “Cyber risk has become an undeniable reality for businesses of all sizes, yet our findings highlight a concerning gap in understanding and preparedness, particularly in how leaders assess and manage these risks as financial risks...

“By quantifying and modelling potential impacts, investing in effective mitigation strategies, and ensuring return on investment on cyber insurance, business leaders can receive real value in countering cybercrime ... Only by bridging these gaps can businesses stay resilient in the face of growing threats.”

Image: Ideogram
