Most UK firms are failing to plan for the financial impact of cyber attacks, a survey by Lloyd’s Bank has revealed.

Only a third of UK business leaders say they have a financial plan in place to counter the effects of a cyber attack, a survey shows.

This is despite the fact that 80% of 10 UK business leaders are concerned or very concerned about the financial implications of a cyber attack on their business, according to a poll of more than 150 business leaders at Lloyd’s Bank’s recent Cyber Beyond IT event in London.

The event explored how the growing digitisation of businesses, their supply chains, and the emergence of the internet of things (IoT) is accelerating companies’ risk of disruption from a cyber attack and that the financial implications are often overlooked.

The poll showed that only 32% of respondents have a financial resilience plan in place, 43% do not have a financial cash reserve in place for an attack.

However, more than a third (34%) said their companies would pay a ransom to get their systems and data back in the case of a cyber attack, and more than one in ten said they would pay a ransom of £1m or more.

Giles Taylor, head of data and cyber security, Lloyd’s Bank Commercial Banking said that the world is moving quickly and the reality today is that the economic impacts of cyber security can no longer be ignored.

“Until recently, cyber has been seen as a problem for the IT department to manage but when the worst happens, the whole business suffers. A startling finding is that over a third of companies would pay a ransom to retrieve their data from an attacker when there is no guarantee that a business will get its data back or that its systems will be safe to use again,” he said.

Recovery times for businesses?

The poll also revealed that 65% of companies think it would take them six months or more to recover from a disruptive cyber-attack, while almost a fifth (18%) said it would take one year or more to recover.

At the same time only 53% said their companies regularly discuss cyber risk at their board meetings, and only 24% said their firms have dedicated cyber insurance.

“A common problem faced by businesses is failing to understand the full financial impact of a cyber-attack,” said Taylor.

“Businesses recognise there will be disruption, but if recovery is going to take months or years rather than weeks, then without a plan the financial implications can be disastrous. A cyber crisis can quickly turn into a liquidity crisis and the sudden drain on cash reserves could affect a firm’s ability to pay staff or suppliers and stay afloat,” he said.

According to Taylor, the poll findings highlight the fact that organisations are not considering all of the knock-on effects of a cyber-attack and do not always have sufficient financial plans in place. “Strong governance, operational and financial planning should be at the heart of any cyber-response activity so that they are better equipped to minimise any potential harm,” he said.

Source: ComputerWeekly