Businesses see cyber security as important but majority do not take it seriously enough, with most companies lacking cyber insurance and only under a third of attacks being reported.
These were among the findings of the Cyber Security: Underpinning the Digital Economy report by Barclays and the Institute of Directors (IOD) which showed a “worrying gap” between awareness of the risks and preparedness among companies.
The report, which polled nearly 1,000 IOD members, found that only around 57% of business leaders have a formal strategy to protect themselves even though 91% say that cyber security is important.
The study also revealed that only 20% of British businesses hold cyber insurance and just 21% are considering cyber insurance within the next 12 months.
Of the companies that have been victims of cyber attacks, only 28% reported the incidents to the authorities even if 49% of attacks resulted in interruption of business operations and 11% caused financial losses.
“No shop-owner would think twice about phoning the police if they were broken into, yet for some reason, businesses don’t seem to think a cyber breach warrants the same response,” said Richard Benham, a cyber security management professor who authored the report.
The study also lamented that government efforts to tackle cybercrime seem to be failing to get through to businesses since 32% of IOD members were still unaware of Action Fraud Aware, the UK’s national reporting centre for fraud and internet crime.
Benham said the report proves that companies need to get real about cybercrime and its financial and reputational consequences.
“Our report shows that cyber must stop being treated as the domain of the IT department and should be a boardroom priority. Businesses need to develop a cyber security policy, educate their staff, review supplier contracts and think about cyber insurance.”