View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
March 3, 2016updated 05 Sep 2016 7:55am

Cyberattacks not reported to police and ransoms paid, as IoD finds cybersecurity not being taken seriously

News: Large proportion of attacks going unreported.

By Charlotte Henry

The Institute of Directors (IoD) is warning that firms are not taking cyber security seriously enough.

The research, conducted with Barlcays, found that just 28% of cyber attacks are being reported to the police. Companies were found to prefer not to report attacks, despite 49% of attacks causing interruptions to business practices.

Richard Brown, Director EMEA Channels & Alliances at Arbor Networks, said: "The fact that cyber-crime is not being reported and businesses are paying hackers’ ransoms is very concerning. It will also be a worrying thought for many customers who will wonder whether their data has been compromised."

91% of the business leaders surveyed said that cyber security was important, but only 57% had a formal stragey in place to protect their firm, with 20% having insurance for a cyber attack, and 21% considering it in the next 12 months.

Professor Richard Benham , who authored the report, said: "As attacks become more prevalent and increasingly sophisticated, businesses need to defend themselves, know how to limit damage, and be ready to respond quickly and comprehensively when the inevitable happens. No shop-owner would think twice about phoning the police if they were broken into, yet for some reason, businesses don’t seem to think a cyber breach warrants the same response."

The IoD reported that one in eight of its members had experienced damage as a result of a cyber attack that interrupted businesses. "The implication of this figure is that anti-virus software/firewalls are not being used effectively either by the business or their provider," said the report.

Benham said that the research, which was compiled on the basis of responses from nearly 1000 members of the IoD, emphasised that cyber attacks need to be taken seriously at the very highest levels of a business, saying that it should become "a boardroom priority."

Content from our partners
How businesses can safeguard themselves on the cyber frontline
How hackers’ tactics are evolving in an increasingly complex landscape
Green for go: Transforming trade in the UK

The report said that 49% of respondents provided cyber awareness training for staff, and 6% said that they had not spent anything on cyber security over the course of the last year.

"Businesses need to develop a cyber security policy, educate their staff, review supplier contracts and think about cyber insurance," said Benham.

The research also found a lack of awareness in key cyber issues. While 59% said they outsourced their data, 43% didn’t know where the data was physically stored, a statistic the IoD describes as "truly frightening".

Stephen Love, Security Practice Lead – EMEA at Insight UK, said: "It is crucial businesses assess just what portion of their data is most valuable and needs closer security attention. Not all data in an organisation would be deemed ‘sensitive.’ By carrying out a thorough assessment as to what data is uniquely distinct to the organisation, then discovering in what ways it’s at risk and putting in place security measures accordingly, every organisation can feel confident that they have the best defensive measures possible in place. "

21% were unsure whether or not they held cyber insurance, while 68% had never head of the UK’s national reporting centre for fraud and internet crime Action Fraud Aware.

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.
THANK YOU