A colossal 44 per cent of UK businesses do not even have a cybersecurity insurance policy in place to stem the damage of an attack.
UK organisations are facing mounting scrutiny regarding the handling of cyber incidents, but a massive 28 per cent of businesses are not even aware of how many times they have been hit.
Combining with this statistic to form a deadly concoction, the average security budget has plummeted to £3.9 million, from a robust £6.2 million just a year ago.
Underlining the lack of cyber awareness among UK businesses, 49 per cent do not test their own cybersecurity defences. These statistics have been gathered and presented by professional services network, PwC, in its Global State of Information Security Survey 2018 report.
On top of these already troubling findings, 44 per cent of UK businesses do not have a cyber insurance policy to manage the impact of a breach.
Richard Horne, Cyber Security Partner, PwC, said: “Forging close working collaborations and sharing intelligence is often the best way to tackle the latest threats. New forms of attack require new ways of working to defend our society.”
The report also found that the average recovery time for a business after being hit by an attack was 19 hours, a considerable period of time that would be damaging both financially and reputationally.
Bharat Mistry, Principal Security Strategist, Trend Micro, said: “I’m surprised that organisations still fail to test their security incident/breach response procedures and processes. The last thing you want when you have a breach is for staff to be reading the breach response handbook and trying to figure work out who should be what.
It is becoming clear that collaboration is essential for cybersecurity, yet 53 per cent of UK businesses still have not established a cross-organisational team to tackle the problem.
“In fact I would say if you haven’t tested your breach response plan, then it’s not worth the paper it’s written on. With the looming deadline of GDPR and the consequential fines for breaches of personal data it’s now more imperative than ever to make sure that you not only have a plan but its tested and effective to ensure compliance,” said Mistry.