Two-thirds of UK businesses financially unprepared for cyber attack

Only half of organisation discuss cyber attacks at board level


Only a third of UK businesses have a financial plan in place in the event of a cyber attack, according to a new survey by Lloyds Bank.

The research also found that if attacked, a third would pay a ransom to get their systems and data back. Almost two thirds (65%) of companies thought it would take them six months or more to recover from a disruptive cyber attack, while almost a fifth (18%) said one year or more to recover.

The survey found that only half (53%) of companies regularly discuss cyber risk at their board meetings while only a quarter (24%) of firms have dedicated cyber insurance. More than four in ten businesses (43%) do not have a financial cash reserve in place for an attack.

Advertisement - Article continues below

The survey of 150 executives (from small and medium-sized businesses up to larger global corporates) at Lloyds Bank's recent Cyber Beyond IT event in London showed that only a third (32%) have a financial resilience plan in place.

"A common problem faced by businesses is failing to understand the full financial impact of a cyber attack," said Giles Taylor, head of data and cyber security at Lloyds commercial banking.

"Businesses recognise there will be disruption, but if recovery is going to take months or years rather than weeks, then without a plan the financial implications can be disastrous. A cyber crisis can quickly turn into a liquidity crisis and the sudden drain on cash reserves could affect a firm's ability to pay staff or suppliers and stay afloat," he said.

Advertisement - Article continues below

"Our findings highlight the fact that organisations are not considering all of the knock-on effects of a cyber attack and don't always have sufficient financial plans in place. Strong governance, operational and financial planning should be at the heart of any cyber response activity so that they are better equipped to minimise any potential harm."

Advertisement - Article continues below

Bill Evans, senior director at One Identity, told IT Pro that security must be a board-level discussion. 

"One need only look across any variety of news reporting agencies to understand why. Reasons to make this a board level discussion include GDPR violations with their hefty fines, damage to brand in the court of public opinion, and loss of revenue as customer confidence wanes in the wake of a breach," he said.

David Emm, principal security researcher at Kaspersky Lab, told IT Pro that robust IT security strategies should be implemented in a business from the ground up.

"It's about prevention, rather than recovery but having cyber insurance can provide additional peace of mind. The growth in the number of organisations purchasing these insurance policies reflects the importance that business owners and decision makers are and should be placing on their IT security. In today's complex threat landscape, any company not implementing comprehensive security measures could struggle or fail to recover from a breach or attack," he said.

Featured Resources

Preparing for long-term remote working after COVID-19

Learn how to safely and securely enable your remote workforce

Download now

Cloud vs on-premise storage: What’s right for you?

Key considerations driving document storage decisions for businesses

Download now

Staying ahead of the game in the world of data

Create successful marketing campaigns by understanding your customers better

Download now

Transforming productivity

Solutions that facilitate work at full speed

Download now


data centres

Five business benefits of hyperconvergence

8 Jul 2020
Careers & training

What does a CISO do?

20 May 2020
Business strategy

CTO job description: What does a CTO do?

1 Apr 2020
social media

How to delete a Facebook business page

1 Apr 2020

Most Popular


How to find RAM speed, size and type

24 Jun 2020
Google Android

Over two dozen Android apps found stealing user data

7 Jul 2020

The road to recovery

30 Jun 2020