A recent survey reveals that a significant portion of IT and financial leaders in the UK lack comprehension of cyber risk as a financial concern, despite the rising threat of cybercrime.
The finding comes from a recent survey conducted by Resilience, a provider of cyber risk solutions, which focused on the UK’s largest corporations and indicates that a substantial 74% of mid-to-large UK businesses have fallen victim to cybercrime.
The survey, which included responses from 206 financial and IT decision-makers at firms boasting annual revenues exceeding £100 million, has unveiled a stark discrepancy between the most common financial loss triggers for businesses and the issues that dominate public and media discussions. This disconnect underscores a pressing need for cybersecurity professionals to enhance their understanding and leverage appropriate solutions to facilitate better-informed decisions regarding cybersecurity investments and risk management.
Data breaches emerged as the primary concern for these business leaders, with 72% identifying them as their foremost cyber risk. In contrast, only 47% expressed significant apprehension regarding ransomware. This is notable because the National Cyber Security Centre (NCSC) has labelled ransomware as the most substantial cyber threat in the UK, and ransomware was responsible for over 80% of financial losses among Resilience clients in 2023-24. Data breaches, meanwhile, carry regulatory pressure of their own: the General Data Protection Regulation mandates that companies report breaches within 72 hours, heightening the urgency for effective management.
Furthermore, the survey exposes a critical oversight in vendor risk management among business leaders. Although 83% profess familiarity with the vendor systems employed by their organisations, a mere 35% believe that their due diligence adequately mitigates cyber risks. Alarmingly, nearly half (47%) of the respondents have experienced disruptions lasting at least 12 hours due to issues linked to vendors.
Interestingly, larger businesses generally demonstrate a slightly enhanced understanding of vendor-associated risks. For instance, 44% of larger firms regard vendor outages as a significant concern, whereas the overall figure stands at 40%. Companies with revenues exceeding £750 million are also more inclined (43%) than their smaller counterparts, those with revenues under £250 million (24%), to view vendor due diligence as an effective strategy for reducing cyber threats.
As cybercriminals increasingly target larger enterprises, mid-sized firms often find themselves inadequately resourced to tackle third-party attacks effectively. While 34% of organisations with revenues over £1 billion reported no adverse impact from vendor outages, mid-sized businesses tend to experience more challenges.
The survey further accentuates the necessity for mid-sized firms to enhance their perception of cyber risk in financial terms. The UK government estimates that cyber breaches cost mid-to-large businesses an average of £10,830 in 2023. Yet, only 54% of these firms maintain quantitative risk registers, thus hampering their capacity to evaluate the financial ramifications of cyber incidents. Understanding and quantifying cyber risks can empower business leaders to prioritise security measures, optimise insurance investments, and ultimately decrease the potential for considerable losses.
In examining the effectiveness of strategies to mitigate cyber incident impacts, it was noted that just 62% of leaders endorsed any specific measure as effective, with cybersecurity education emerging as the most frequently cited.
Vishaal ‘V8’ Hariprasad, CEO and co-founder of Resilience, commented on the survey findings, stating, “Cyber risk has become an undeniable reality for businesses of all sizes, yet our findings highlight a concerning gap in understanding and preparedness, particularly in how leaders assess and manage these risks as financial risks. Traditional approaches are no longer enough, and organisations must embrace a financial lens to improve their cyber business decision making and achieve cyber resilience. By quantifying and modelling potential impacts, investing in effective mitigation strategies, and ensuring return on investment on cyber insurance, business leaders can receive real value in countering cybercrime. Only by bridging these gaps can businesses stay resilient in the face of growing threats.”
The implications of these findings suggest a critical need for businesses to recalibrate their understanding of cyber risks and adapt their strategies accordingly as they navigate an increasingly complex digital landscape.
Source: Noah Wire Services


