Over half of UK businesses (57%) have suffered a cyber-attack in the past year, with one in ten reporting losses of up to £1 million as a result, according to new research from BAE Systems.
The defence contractor and IT consultancy polled 100 executives in firms of over 1,000 employees and put the average cost of a successful attack at £330,000, although for some it went much higher.
This is despite the fact that over three-quarters (79%) said they had the right security measures in place to mitigate these attacks – although ‘many’ of these admitted they had not tested their incident response plans in at least six months.
Reinforcing the importance of a comprehensive approach to cybersecurity, around one in five claimed they either didn’t know or weren’t confident their business could return to normal 48 hours after a serious attack.
“Businesses need to ensure they have the right people, process and tools in place, so when a major incident occurs they are equipped to understand, contain and remediate,” argued BAE Systems Applied Intelligence UK services managing director, Julian Cracknell.
“If action isn’t taken immediately, the price of cyber ignorance – for the company and the wider economy – could be severe.”
Fujitsu EMEIA director of enterprise & cyber security, Rob Norris, claimed that attackers always take the path of least resistance when it comes to breaching a targeted network, so it’s important for the white hats to get more proactive.
“While the launch of the new national cyber security centre (NCSC) in London today is encouraging, as it aims to ensure the online safety of citizens, businesses and the government, organizations must also take responsibility and be proactive to enable real-time threat reporting and fast solutions before a threat becomes a compromise,” he added.
“This should sit alongside a clear and well-rehearsed incident management plan, addressing internal and external communication in addition to containment and recovery activities."