Over half of FTSE 350 companies were using outdated server software.
All UK’s FTSE 350 firms have revealed information that could enable cyber attackers to damage their reputation, according to a new report.
KPMG’s latest research into FTSE 350 companies revealed that every firm had left information open including employee username, email addresses and secret internal file location online.
KPMG cyber response head Martin Jordan said that the research shows that companies do not have full control of their web presence at a time when cyber security has been turned upside down.
"Now, hacking has become automated on an industrial scale – often with state sponsored agencies behind it – and attackers are aiming for an increased competitive edge by stealing company secrets and IP, or purely seeking financial gain through fraud," Jordan said.
As part of the research, KPMG’s cyber response team carried out a simulated attack to enter FTSE 350 firms using public domain data without violating security. It also found that aerospace and defence sector firms recorded the highest leaked internal email IDs.
The research said that about 53% of the FTSE 350 did not have up-to-date security patches or deployed outdated old server software.
KPMG also added that firms in the support services, software and computer services sectors topped the list in terms of sectors most at risk.
"Protecting their networks is not just about self-interest," Jordan added.
"It is about safeguarding the economy and, in the case of critical national infrastructures, it is also about the safety of the population."