WEB AND MOBILE FRAUD
UK businesses ill-equipped to deal with cyber attacks
Increasing numbers of UK businesses are struggling to understand how to combat cybercrime putting them at increased risk of attacks resulting in crippling costs from multi-million pound ransoms, litigation and reputational damage, according to the latest report from Savanti, one of the UK’s leading cyber security consultancies.
According to the report, 'Effective Board Governance of Cyber Security: A Source of Competitive Advantage’ published in September, global cyber attacks increased in volume by 38 per cent last year compared to 2021, but six in every ten directors suggest that their company remains ineffective in understanding the risks.
The report finds that those businesses who are ‘cyber-engaged’ have increased revenue growth, a greater success rate in attracting clients and higher investor confidence.
In terms of numbers, across all UK businesses, there were 2.4 million instances of cyber-crime in the last 12 months.
According to Cyber Security Ventures, the cost of cyber-crime to business could reach £8.4 trillion annually by 2025. If it was measured as a country, cyber-crime would be the world’s third largest economy after the US and China.
Recent high-profile incidents include the cyber attack on The Electoral Commission in which a breach undetected for 14 months resulted in access to voters’ personal data including home addresses, images, e-mail addresses, names and telephone numbers. There was also the cyber attack on British Airways.
Savanti’s report suggests that while boards are increasingly concerned about cyber security, many struggle to understand what to do, with the majority (59 per cent) of directors saying their board is not very effective in understanding the drivers and impacts of cyber risks for their organisation.
The report states that large enterprises with ‘digitally-savvy’, ‘cyber-engaged’ executive teams have significantly higher revenue growth, valuations and net margins.
Effective cyber security also brings many top line benefits, including greater success rates when tendering for new clients, improved data insights, heightened investor confidence and the maintenance of shareholder value during mergers and acquisitions.
The report makes a number of recommendations for boards to consider, including having at least one board member with direct experience of cyber security issues, making sure cyber security as a topic is discussed at least on a quarterly basis at top table meetings and understanding how long it would take to recover from a disruptive cyber attack such as a ransomware episode.
Richard Brinson, CEO of Savanti, said: “Many investors view cyber as the canary in the coalmine for the health and resilience of a business. If a company can demonstrate effective cyber preparedness, it’s a sign of the strength of its overall leadership, operations and governance. However, while there has undoubtedly been progress in recent years on Board governance of cyber security, many Boards struggle to dispense their responsibilities.”
Brinson continued: “We found many Board members don’t understand their unique role in cyber security, lack the right level of cyber awareness and are scared to turn to their Chief Information Security Officer to bridge this gap for fear of exposing their lack of understanding".
The Savanti report also recommends boards take action to make sure they’re ahead of the game on cyber regulation.
Brinson concluded: “Many boards have their heads in the sand on cyber regulation. In the US, the Securities and Exchange Commission adopted rules in July requiring public companies to disclose within four days all cyber security breaches that could affect their bottom line. It seems likely more cyber regulation will emerge in the coming years in the UK and Europe that will eclipse the current General Data Protection Regulation reporting rules.”
