A CYBER attack can cost a UK organisation upwards of £850,000, according to the latest research.
PwC’s Global State of Information Security Survey 2018 states that while the cyber security risks facing UK organisations are increasing in both severity and impact, 28 per cent don’t know how many cyber-attacks they suffered in the past year and a third admit to not knowing how the incidents occurred.
While the majority (64 per cent) surveyed have an overall security strategy in place, only half (49 per cent) ever conduct penetration tests to examine their defences.
The figures show just 14 per cent of UK companies reported direct financial losses from cyber-security incidents, but the total annual cost to each averaged £857,000. Despite the lofty costs UK organisations are less likely than their counterparts worldwide to have cyber insurance in place.
A total of 23 per cent of UK organisations reported customer records compromised as a result of cyber-attacks, 20 per cent said employee records were affected, while 21 per cent reported loss or damage to internal records.
The most common cause of cyber attacks is through employee emails, which is responsible for over a quarter of all attacks.
Cyber security partner at PwC, Richard Horne said it is important businesses and public sector organisations are prepared in the event of an attack.
“Cyber security needs to be viewed as a ‘team sport’ rather than just an issue for the IT team," he said.
“To be most effective, everyone in an organisation should be considering the security implications of their actions. Pulling a business together like that requires strong leadership from the top.
“Working with others across the public and private sector is also important. Forging close working collaborations and sharing intelligence is often the best way to tackle the latest threats."
PwC’s annual Global State of Information Security Survey is based on interviews with 9,500 senior business and technology executives from 122 countries. The 560 UK respondents span large to small businesses and public sector organisations and include those operating in Northern Ireland.
