Nearly half (43%) of UK organisations maintain that their cybersecurity strategies are impeccable, requiring minimal adjustments. However, new findings from Cohesity, a leader in data security, highlight how this overconfidence might precede a calamity, leaving companies vulnerable and ill-equipped against potential disasters.
With an overwhelming 90% of British businesses resorting to cyber insurance to manage recovery expenses, it's clear that the majority are leaning heavily on this safety net. Alarmingly, 91% reported that the insurance failed to fully cover recovery costs. The data suggests a disconnect in how rapidly cyber threats evolve compared to the insurers' ability to predict and model these risks. Consequently, businesses are mistakenly placing insurance as their frontline defence rather than the ultimate fallback.
The Cohesity report also unveils the increasingly sophisticated nature of cyberattacks. A significant 71% of UK companies admitted to paying a ransom over the past year, with a concerning third of these payments exceeding $1 million (approximately £760,000). The UK's average ransomware payout stands at $1.4 million (about £1,051,000), surpassing the global average.
The ramifications of these breaches echo deeper into corporate structures. Beyond the immediate technical response, corporate strategies are being reshaped. Notably, 84% of businesses admitted to seeking revenue drop-offs, a figure driven up by the 31% who saw a loss between 1-10% of their annual revenue.
Additionally, 76% witnessed a decline in stock value, while shareholder scrutiny rose dramatically, with 86% experiencing increased pressure. Legal challenges are on the rise too, with 28% of organisations navigating at least one lawsuit or class-action litigation. Fines and penalties were reported by 45% of those surveyed, underscoring the far-reaching implications of poor cybersecurity preparedness.
Fraser Hutchison, VP for Northern Europe at Cohesity, reflected on the findings, highlighting a critical gap in preparedness. Though he notes that even established brands with advanced threat detection systems are susceptible, Hutchison emphasises the need for heightened focus on response and recovery measures to bolster resilience against the inevitability of cyberattacks.
