Phil Muncaster at InfoSec Mag reported that "Cybersecurity incidents have cost UK mid-market firms a combined £30bn over the past year as automated attacks become the norm, according to Grant Thornton.
The accounting and consulting giant interviewed 500 UK business leaders from firms with revenue of between £15m and £1bn to compile its latest study, Cyber security: the board report.
It revealed that more than half of those polled had reported losses of between 3-10% of revenue following a cybersecurity breach. For those hit hardest, losses were up to 25% of revenue.
Reputational loss (58%) was the most commonly reported impact of a cyber-attack, followed by clean-up costs (45%), management time (44%), loss of turnover (39%), and customer churn/behavior change (35%).
Part of the problem is that many mid-market firms still believe they are able to avoid the scrutiny of cyber-criminals, and therefore pay less attention to security best practice.
Less than a third (31%) claimed to follow minimum cybersecurity standards, versus 46% of large companies; just half (48%) conduct risk assessments versus 69% in larger enterprises; and 55% do cyber health checks compared to 64%.
Risks will only increase as automated attack techniques grow in popularity – enabling vulnerability identification, credential stuffing, and open source information scraping en masse.
“It’s the equivalent of thieves driving down a street to see who’s left their door open. Criminals exploit the vulnerable networks they identify or sell the list of promising targets on to others eager to exploit the opportunity. If your defenses are not up to scratch, you could already be on a list,” argued Grant Thornton head of cybersecurity, James Arthur."
The problem is that employees are the weakest link in cyber security, and the bad guys simply hack humans. Stepping your staff through new-school security awareness training is a must. KnowBe4 is the UK's Security Training And Consultancy Provider Of The Year 2019. See the Network Computing award here.