UK companies are unprepared for potential cyber-attacks against their business, with major shortcomings in many areas of security, new research has said.
A report released today by PwC found that a worrying number of British firms have only adequate security protection in place, or are unaware of how best to prepare against attacks.
The study, which surveyed 560 senior business and technology executives from the UK as part of a global survey of 9,500, discovered that nearly one in five UK organisations don’t prepare or drill for cyber attacks, meaning they could be easy pickings for criminals.
The lack of preparedness could be the reason why workers are finding themselves under attack: PwC found that targeting employees to breach businesses was responsible for over a quarter of all attacks in 2017 so far, up from 20 per cent last year.
Elsewhere, three in 10 British businesses said they didn't know how many cyber attacks they suffered last year, with a third saying they wouldn't be able to identify the cause of incidents if they were attacked. Only 44 per cent of UK companies had cyber insurance policies in place in case of attacks or breaches - far lower than the 58 per cent global average.
Overall, the average UK information security budget last year was £3.9m. However, only 34 per cent of companies have boards actively participating in the strategy, compared to the global average of 44 per cent. Perhaps unsurprisingly, only just over half of British businesses said they had a cross-organisational team in place working on cyber security issues.
“Cyber attacks could happen to any organisation at any time, so it’s important that all businesses and public sector organisations are getting the basics right and continually testing their approach to prepare themselves in the right way. In that critical moment when an attack hits, the ability to act quickly and effectively is key to minimising business disruption and reputational harm,” said Richard Horne, cyber security partner at PwC.
“Cyber security needs to be viewed as a ‘team sport’ rather than just an issue for the IT team. To be most effective, everyone in an organisation should be considering the security implications of their actions. Pulling a business together like that requires strong leadership from the top.”