UK organisations are not well enough prepared for future cyber-attacks to prevent data breaches or downtime.
One in every five UK organisations does not prepare or drill for cyber-attacks, thereby weakening its response in the event of a real cyber-attack.
This readiness, or lack of it, was revealed by as many as 560 senior business and technology executives at UK organisations who responded to a survey conducted by PwC to gauge the preparedness of organisations for cyber attacks.
The PwC survey revealed that while one in five UK organisations don't prepare for cyber attacks, only a little over half of all organisations have cross-organisational teams in place that are working on cyber security issues.
At the same time, only 49% of UK organisations conducted real-time penetration tests to examine their defences.
According to Richard Horne, cyber security partner at PwC, the lack of cross-organisational cyber security teams shows that organisations are viewing cyber security as an IT issue rather than as a ‘team sport’. An organisation's effectiveness against cyber attacks is weakened if employees are not made to understand the security implications of their actions.
'Working with others across the public and private sector is key too. Forging close working collaborations and sharing intelligence is often the best way to tackle the latest threats. New forms of attack require new ways of working to defend our society,' he added.
The survey also revealed that 28% of UK organisations don’t know how many cyber attacks they suffered in the past year and one in three organisations couldn't explain how such cyber incidents occurred. These organisations include large businesses as well as public sector organisations.
Organisations in the UK also lag behind their global counterparts when it comes to collaborating with others in the industry to improve security and reduce the potential for future risks. While 58% of organisations globally engage in such collaborations, only 44% of organisations in the UK find the exercise worth their time.
In the past year, cyber attacks on UK organisations resulted in 23% of such firms losing customer data, 20% losing employee records, and 21% losing internal data. At the same time, such attacks resulted in an average of 19 hours of downtime across the UK.
Despite the many tools cyber criminals use to exploit security weaknesses in IT systems, only 14% of UK companies reported facing direct financial losses as a result of security incidents in the past year, and the total financial cost of cyber incidents also fell to £857,000. However, with 44% of firms lacking any form of cyber security insurance, they are less likely to recover the costs of cyber attacks.
'Cyber attacks could happen to any organisation at any time, so it’s important that all businesses and public sector organisations are getting the basics right and continually testing their approach to prepare themselves in the right way. In that critical moment when an attack hits, the ability to act quickly and effectively is key to minimising business disruption and reputational harm,' Horne added.