Cybersecurity not a priority despite breaches costing UK firms $38 billion

Senior managers in finance and insurance are the most concerned about cybersecurity but only 60% classify it as a “very high priority,” research finds.

London-based property firm Savoy Stewart called on businesses to take cybersecurity seriously after it looked at research by Gov.uk on the attitudes of more than 1,500 UK companies in 11 sectors.

More than half (52%) of UK businesses fell victim to some form of cybercrime in 2016, a Beaming study by researchers at Opinium revealed. A significant 2.9 million UK firms suffered cybersecurity breaches nationwide last year, at a cost of $38 billion (£29.1 billion).

Savoy Stewart found cybersecurity was a very high priority for directors or senior managers in finance and insurance, highest amongst the analysed sectors. However, their peers in hospitality and food were the least worried, with only 15% considering it a very high priority.

Nine out of 10 businesses did not have an incident management plan in the event of a cyber-attack or breach.

With 83% of UK businesses online, the consequences of a cyber-attack or breach can be “devastating”, Savoy Stewart warned in a statement.

According to security professionals consulted by networking hardware company Cisco, operations of an organisation (36%) were most likely to be affected by any potential cyber-attack or breach. After operations finances (30%), brand reputation (26%), customer retention (26%) and intellectual property (24%) were the most affected.

Darren Best, managing director of SavoyStewart.co.uk, said calamities caused by cyber-attacks and breaches emphasised the need to take cybersecurity very seriously.

“With threats likely to intensify as cyber criminals become more ruthless, businesses cannot rest on their laurels,” Best said.

“Business leaders cannot afford to be just concerned or treat it as another risk management exercise. They need to effectively understand, carefully manage and thoroughly assess the security of their IT estate to continually get the basic defences right.

“On top of this, adequate governance and employee education on cyber security can go a long way in protecting a business's key capabilities and functions.”

The Savoy Stewart findings supported research announced by PwC earlier this year, which reported a quarter of British family businesses felt vulnerable to digital disruption. However, just over half have ever discussed the threat from cyber criminals in the board room.

Digital apathy was greater in the global private sector than the global public sector, with 68% of private company chief executives concerned about the speed of technological change compared to a greater 74% of global public companies. A mere 41% of private company chief executives were not concerned about cyber threats compared to 65% of global public companies.

The Global Family Office Report last year by Campden Wealth estimated 40% of all family offices worldwide have experienced a cyber security breach and consequently lost tens of thousands, even millions of dollars.