16/Jul/2019
A new report has found that mid-size companies in the UK are failing to grasp the scale of cyber risk. Indeed, the majority – 63% of those surveyed – do not have a board member responsible for cyber security.
Prepared by Grant Thornton, the accountants, the survey – titled: “Cyber Security – the Board Report” – found that, in the last 12 months, the total cost of cyber security breaches to UK mid-market businesses reached at least £30bn. Despite this, in the last 12 months, only one in three (36%) companies have provided all of their employees with cyber security training. And over half of those surveyed (59%) do not have a cyber incident response plan in place.
More than half (53%) of the companies surveyed reported losses equivalent to 3-10% of revenue following a cyber-breach. For those businesses hit hardest, losses can reach up to 25% of revenue. Six per cent of the businesses surveyed reported a loss of this size (11 to 25% of revenue).
Almost 70% of the respondents felt confident in their ability to respond consistently at any time to a cyber-attack across their entire organisation. Conversely, over half of the businesses surveyed do not have a cyber incident response plan in place (59%).
The importance of having a well-rehearsed plan of action cannot be underestimated. “The research found that companies that have an incident response plan in place experience lower financial losses from a cyber-attack than those that don’t,” said Grant Thornton.
Be prepared!
The report identifies six key areas that mid-market boards should be focusing on to ensure that they are properly prepared. They include establishing a cyber incident response plan, regularly rehearsing the response plan using a range of different scenario and monitoring and managing the risk posed from their supply chain
It also recommended ensuring that companies understand the terms of their insurance and what is covered. They should also understand what “normal” looks like for their business, in terms of application usage, so that they can identify any unfamiliar patterns. The report recommended investing in regular training and raising awareness of cyber security among employees.
For more information, click on the link.
