More UK companies failing to tackle cyber security, reveals new report

UK businesses are increasingly at risk of cyberattacks, with a lack of effective cyber security measures leading to significant financial and reputational damage, according to a report published today by Savanti, one of the UK’s leading cybersecurity consultancies.

The report, titled “Effective Board Governance of Cyber Security: A source of competitive advantage,” offers a stark warning to UK organisations, stating that a majority of directors find their boards ineffective in comprehending cyber risks.

Global cyberattacks surged 38% in 2022 compared to the previous year. This alarming rise is evident in the UK, where there have been 2.4 million instances of cybercrime in the last 12 months.

Predictions from Cybersecurity Ventures suggest that by 2025, the global cost of cybercrime could reach an astronomical £8.4tn annually. If cybercrime were a country, it would have the world’s third-largest economy, trailing only the US and China.

The report also delves into the substantial costs associated with cyberattacks, spotlighting recent high-profile incidents. Among these are attacks on the Electoral Commission, which exposed voters’ personal data for 14 months, and breaches involving well-known companies like British Airways and Boots. In these cases, employees’ bank details and contact information were compromised, leaving the organisations open to hefty legal repercussions and a loss of public trust.

A critical concern is that while boards are prioritising cybersecurity, 59% of directors admitted that their understanding of its impacts is lacking. Richard Brinson, CEO of Savanti, commented: “Many investors see cyber as the canary in the coal mine for the health and resilience of a business. While progress has been made, many boards still struggle to dispense their responsibilities effectively.”

By contrast, the report emphasises that businesses with ‘cyber-engaged’ boards see substantial benefits. These include increased revenue growth, higher success rates in attracting clients, and elevated investor confidence.

Brinson suggests boards can take actionable steps to improve their cyber governance. Recommendations include having at least one board member with direct cybersecurity experience, making cyber issues a regular agenda item at quarterly board meetings, and preparing for the time it might take to recover from a major cyber incident like a ransomware attack.

Brinson also cautioned UK businesses to be proactive about upcoming cybersecurity regulations. “In the US, companies are now required to disclose cybersecurity breaches affecting their bottom line within four days. It’s very likely that similar legislation will soon be enacted in the UK and Europe, which will supersede current GDPR reporting rules. Businesses must get ahead of this imminent regulatory change.”
