Study Says UK Businesses Need Cyberattack Reality Check

Shutterstock

A new report is calling out U.K. businesses for their reluctance to report cyberattacks, warning that they need to “get real” about the subsequent damages that result from cybercrime, The Wall Street Journal reported Thursday (March 3).

The Barclays-supported study found that less than a third of cyberattacks that take place against businesses in the U.K. are even reported to law enforcement. The surprising figure comes at a time when headlines are dominated by massive data breaches and cybercrimes happening to companies on a global scale.

Richard Benham, an independent cybersecurity expert and author of the Institute of Directors (IoD) report, said: “Cybercrime is one of the biggest business challenges of our generation, and companies need to get real about the financial and reputational damage it can inflict. The spate of recent high-profile attacks has spooked employers of all sizes, and it is vital to turn this awareness into action. Customers and partners expect the businesses they deal with to get it right.”

“As attacks become more prevalent and increasingly sophisticated, businesses need to defend themselves, know how to limit damage and be ready to respond quickly and comprehensively when the inevitable happens. No shop owner would think twice about phoning the police if they were broken into, yet, for some reason, businesses don’t seem to think a cyberbreach warrants the same response,” Benham added.

According to the “Cyber Security: Underpinning the Digital Economy” study, more than nine in 10 (91 percent) of the business leaders surveyed said that cybersecurity was important, but just 57 percent admitted to having a formal strategy in place to defend against cyberthreats. The discrepancy also showed in the fact that only 20 percent of respondents said they have insurance against a potential cyberattack.

“Our report shows that cyber must stop being treated as the domain of the IT department and should be a boardroom priority. Businesses need to develop a cybersecurity policy, educate their staff, review supplier contracts and think about cyberinsurance,” Benham said.

IoD noted the “worrying gap” between U.K. businesses being aware of the risks and actually being prepared with the necessary cybersecurity measures.

“Businesses must recognize the threat that cybercrime can pose to them, their reputation and subsequently their bottom line. With the number of customers going online rapidly rising, the issue of cybersecurity has never been more important. Companies need to consider cybersecurity as critical to their business operation as cost or cash flow,” Adam Rowse, head of business banking at Barclays, explained.