Two-thirds of UK businesses financially unprepared for cyber attack

Only half of organisation discuss cyber attacks at board level

Hacking

Only a third of UK businesses have a financial plan in place in the event of a cyber attack, according to a new survey by Lloyds Bank.

The research also found that if attacked, a third would pay a ransom to get their systems and data back. Almost two thirds (65%) of companies thought it would take them six months or more to recover from a disruptive cyber attack, while almost a fifth (18%) said one year or more to recover.

The survey found that only half (53%) of companies regularly discuss cyber risk at their board meetings while only a quarter (24%) of firms have dedicated cyber insurance. More than four in ten businesses (43%) do not have a financial cash reserve in place for an attack.

The survey of 150 executives (from small and medium-sized businesses up to larger global corporates) at Lloyds Bank's recent Cyber Beyond IT event in London showed that only a third (32%) have a financial resilience plan in place.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

"A common problem faced by businesses is failing to understand the full financial impact of a cyber attack," said Giles Taylor, head of data and cyber security at Lloyds commercial banking.

"Businesses recognise there will be disruption, but if recovery is going to take months or years rather than weeks, then without a plan the financial implications can be disastrous. A cyber crisis can quickly turn into a liquidity crisis and the sudden drain on cash reserves could affect a firm's ability to pay staff or suppliers and stay afloat," he said.

"Our findings highlight the fact that organisations are not considering all of the knock-on effects of a cyber attack and don't always have sufficient financial plans in place. Strong governance, operational and financial planning should be at the heart of any cyber response activity so that they are better equipped to minimise any potential harm."

Bill Evans, senior director at One Identity, told IT Pro that security must be a board-level discussion. 

"One need only look across any variety of news reporting agencies to understand why. Reasons to make this a board level discussion include GDPR violations with their hefty fines, damage to brand in the court of public opinion, and loss of revenue as customer confidence wanes in the wake of a breach," he said.

David Emm, principal security researcher at Kaspersky Lab, told IT Pro that robust IT security strategies should be implemented in a business from the ground up.

Advertisement - Article continues below

"It's about prevention, rather than recovery but having cyber insurance can provide additional peace of mind. The growth in the number of organisations purchasing these insurance policies reflects the importance that business owners and decision makers are and should be placing on their IT security. In today's complex threat landscape, any company not implementing comprehensive security measures could struggle or fail to recover from a breach or attack," he said.

Featured Resources

What you need to know about migrating to SAP S/4HANA

Factors to assess how and when to begin migration

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

Testing for compliance just became easier

How you can use technology to ensure compliance in your organisation

Download now

Best practices for implementing security awareness training

How to develop a security awareness programme that will actually change behaviour

Download now
Advertisement

Recommended

Visit/digital-transformation/31168/four-ways-cios-can-drive-digital-transformation
digital transformation

Four ways CIOs can drive digital transformation

17 Jan 2020
Visit/government-it-strategy/28305/ir35-news
Policy & legislation

Government announces review of IR35 off-payroll changes

8 Jan 2020
Visit/strategy/28223/cio-job-description-what-does-a-cio-do
Business strategy

CIO job description: What does a CIO do?

7 Jan 2020
Visit/security/29204/how-can-you-protect-your-business-from-crypto-ransomware
Security

How can you protect your business from crypto-ransomware?

4 Nov 2019

Most Popular

Visit/microsoft-windows/32066/what-to-do-if-youre-still-running-windows-7
Microsoft Windows

What to do if you're still running Windows 7

14 Jan 2020
Visit/operating-systems/25802/17-windows-10-problems-and-how-to-fix-them
operating systems

17 Windows 10 problems - and how to fix them

13 Jan 2020
Visit/hardware/laptops/354533/dell-xps-13-new-9300-hands-on-review-chasing-perfection
Laptops

Dell XPS 13 (New 9300) hands-on review: Chasing perfection

14 Jan 2020
Visit/web-browser/30394/what-is-http-error-503-and-how-do-you-fix-it
web browser

What is HTTP error 503 and how do you fix it?

7 Jan 2020