Two-thirds of UK businesses financially unprepared for cyber attack

Only half of organisation discuss cyber attacks at board level

Hacking

Only a third of UK businesses have a financial plan in place in the event of a cyber attack, according to a new survey by Lloyds Bank.

The research also found that if attacked, a third would pay a ransom to get their systems and data back. Almost two thirds (65%) of companies thought it would take them six months or more to recover from a disruptive cyber attack, while almost a fifth (18%) said one year or more to recover.

The survey found that only half (53%) of companies regularly discuss cyber risk at their board meetings while only a quarter (24%) of firms have dedicated cyber insurance. More than four in ten businesses (43%) do not have a financial cash reserve in place for an attack.

The survey of 150 executives (from small and medium-sized businesses up to larger global corporates) at Lloyds Bank's recent Cyber Beyond IT event in London showed that only a third (32%) have a financial resilience plan in place.

"A common problem faced by businesses is failing to understand the full financial impact of a cyber attack," said Giles Taylor, head of data and cyber security at Lloyds commercial banking.

"Businesses recognise there will be disruption, but if recovery is going to take months or years rather than weeks, then without a plan the financial implications can be disastrous. A cyber crisis can quickly turn into a liquidity crisis and the sudden drain on cash reserves could affect a firm's ability to pay staff or suppliers and stay afloat," he said.

"Our findings highlight the fact that organisations are not considering all of the knock-on effects of a cyber attack and don't always have sufficient financial plans in place. Strong governance, operational and financial planning should be at the heart of any cyber response activity so that they are better equipped to minimise any potential harm."

Bill Evans, senior director at One Identity, told IT Pro that security must be a board-level discussion. 

"One need only look across any variety of news reporting agencies to understand why. Reasons to make this a board level discussion include GDPR violations with their hefty fines, damage to brand in the court of public opinion, and loss of revenue as customer confidence wanes in the wake of a breach," he said.

David Emm, principal security researcher at Kaspersky Lab, told IT Pro that robust IT security strategies should be implemented in a business from the ground up.

"It's about prevention, rather than recovery but having cyber insurance can provide additional peace of mind. The growth in the number of organisations purchasing these insurance policies reflects the importance that business owners and decision makers are and should be placing on their IT security. In today's complex threat landscape, any company not implementing comprehensive security measures could struggle or fail to recover from a breach or attack," he said.

Featured Resources

Humility in AI: Building trustworthy and ethical AI systems

How humble AI can help safeguard your business

Download now

Future of video conferencing

Optimising video conferencing features to achieve business goals

Download now

Leadership compass: Privileged Access Management

Securing privileged accounts in a high-risk environment

Download now

Why you need to include the cloud in your disaster recovery plan

Preserving data for business success

Download now

Recommended

Up in the air: Travel in the age of COVID-19
Business

Up in the air: Travel in the age of COVID-19

26 Nov 2020
Four ways CIOs can drive digital transformation
digital transformation

Four ways CIOs can drive digital transformation

25 Nov 2020
CTO job description: What does a CTO do?
Business strategy

CTO job description: What does a CTO do?

2 Oct 2020
How to delete a Facebook business page
social media

How to delete a Facebook business page

15 Sep 2020

Most Popular

Huawei Mate 40 Pro 5G review: A tragically brilliant Mate
Mobile Phones

Huawei Mate 40 Pro 5G review: A tragically brilliant Mate

26 Nov 2020
What is phishing?
phishing

What is phishing?

25 Nov 2020
Microsoft Teams no longer works on Internet Explorer
Microsoft Office

Microsoft Teams no longer works on Internet Explorer

30 Nov 2020