Only a third of UK businesses have a financial plan in place in the event of a cyber attack, according to a new survey by Lloyds Bank.
The research also found that if attacked, a third would pay a ransom to get their systems and data back. Almost two thirds (65%) of companies thought it would take them six months or more to recover from a disruptive cyber-attack, while almost a fifth (18%) said it would take one year or more.
The survey found that only half (53%) of companies regularly discuss cyber risk at their board meetings while only a quarter (24%) of firms have dedicated cyber insurance. More than four in ten businesses (43%) do not have a financial cash reserve in place for an attack.
The survey of 150 executives (from small and medium-sized businesses up to larger global corporates) at Lloyds Bank’s recent Cyber Beyond IT event in London showed that only a third (32%) have a financial resilience plan in place.
“A common problem faced by businesses is failing to understand the full financial impact of a cyber-attack,” said Giles Taylor, head of data and cybersecurity at Lloyds commercial banking.
“Businesses recognise there will be disruption, but if recovery is going to take months or years rather than weeks, then without a plan the financial implications can be disastrous. A cyber crisis can quickly turn into a liquidity crisis and the sudden drain on cash reserves could affect a firm’s ability to pay staff or suppliers and stay afloat,” he said.
“Our findings highlight the fact that organisations are not considering all of the knock-on effects of a cyber-attack and don’t always have sufficient financial plans in place. Strong governance, operational and financial planning should be at the heart of any cyber-response activity so that they are better equipped to minimise any potential harm.”