- Lloyds Bank cyber event finds that only a third of businesses have a financial plan in place in the event of a cyber attack
- But over a third would pay a ransom to get their systems and data back
- Only half of companies discuss the risk of cyber at board level while only a quarter of firms have dedicated cyber insurance
Eight in ten UK business leaders are concerned or very concerned about the financial implications of a cyber-attack on their business yet only a third have a financial plan in place, according to a recent survey at Lloyds Bank’s first ever “Cyber Beyond IT” event in London.
The inaugural event explored how the growing digitisation of businesses, their supply chains, and the emergence of the “Internet of Things” is accelerating companies’ risk of disruption from a cyber-attack and that the financial implications are often overlooked.
The audience poll, which canvassed the views of over 150 executives (from small and medium sized businesses up to larger global corporates) showed that only a third (32%) of attendees have a financial resilience plan in place.
Furthermore over a third (34%) of companies would pay a ransom to get their systems and data back in the case of a cyber-attack; more than one in ten attendees (13%) said that they would pay a ransom of £1 million or more.
Giles Taylor, Head of Data & Cyber Security, Lloyds Bank Commercial Banking said: “The world is moving quickly and the reality today is that the economic impacts of cyber security can no longer be ignored. Until recently cyber has been seen as a problem for the IT department to manage but when the worst happens, the whole business suffers.
“A startling finding is that over a third of companies would pay a ransom to retrieve their data from an attacker when there is no guarantee that a business will get its data back or that its systems will be safe to use again.”
Attendees at the event also learnt from the experiences of other businesses responding to cyber-attacks as well as gaining an understanding of the financial implications including funding, risk, liquidity and insurance. Further findings from the audience poll showed that:
- Almost two thirds (65%) of companies thought it would take them six months or more to recover from a disruptive cyber-attack; almost a fifth (18%) said one year or more to recover.
- More than four in ten businesses (43%) do not have a financial cash reserve in place for an attack.
- Only half (53%) of companies regularly discuss cyber risk at their board meetings
- Only a quarter (24%) of firms have dedicated cyber insurance
Giles Taylor, Head of Data & Cyber Security, Lloyds Bank Commercial Banking added: “A common problem faced by businesses is failing to understand the full financial impact of a cyber-attack. Businesses recognise that there will be disruption but if recovery is going to take months or years rather than weeks, then without a plan the financial implications can be disastrous. A cyber crisis can quickly turn into a liquidity crisis and the sudden drain on cash reserves could affect a firm’s ability to pay staff or suppliers and stay afloat.
“Our findings highlight the fact that organisations are not considering all of the knock-on effects of a cyber-attack and don’t always have sufficient financial plans in place. Strong governance, operational and financial planning should be at the heart of any cyber-response activity so that they are better equipped to minimise any potential harm.”