Three-fifths (60%) of UK businesses have experienced a cyber-attack and/or data breach caused by human error, knocking them out of action for days, according to new research from Gallagher.
The global insurance company polled 1000 UK business leaders to find out more about their exposure to cyber-risk.
It revealed that as many as 3.5 million UK companies may have suffered losses because of human error. Data loss and downtime were both flagged as potentially serious consequences of a cyber-attack.
Nearly a third (30%) said their business was knocked out for four to five days, while a similar number claimed the organization was disrupted for up to three days.
In 14% of incidents, customer data was stolen, potentially exposing these organizations to the risk of data protection fines.
On the plus side, business leaders are prioritizing steps to mitigate the insider threat: 71% said they worry about human error increasing cyber-risk and 64% claimed they regularly remind staff about such risks.
A further fifth (42%) have invested in off-the-shelf packages and 39% in customized tools to help protect their business. Yet just 39% claimed to have sought external advice on how to manage cyber-risk effectively.
This is important as the threat landscape continues to evolve and cyber-criminals are becoming increasingly adept at tricking employees into doing their bidding, according to Tom Draper, head of cyber at Gallagher.
“However, by businesses taking a comprehensive, multi-layered approach to cybersecurity – including ensuring they have the appropriate insurance in place – establishing effective training programs for employees, and implementing technologies that secure the most sensitive data, they can save both money and resources in the long run, while also helping to mitigate the potential threat of an attack,” he concluded.
According to new data from the Ponemon Institute, the volume of insider cybersecurity incidents has risen 47% since 2018, while costs have soared 31% over the same period to reach $11.5m on average per incident.