UK firms urged to invest in prevention and detection of cyber threats
British firms are lagging behind US and German peers when it comes to responding to cyber security threats, putting them at risk of new hacks that could cost upwards of £500,000.
Around 82% of US firms and 72% of German companies made changes after experiencing a cyber attack in the past year, like switching IT auditors, sharing intelligence with third parties, or raising spending on prevention, detection, and incident response programmes.
But that number drops to 64% for UK firms, with 35% saying they have changed nothing following an online security threat, according to a cyber readiness report by specialist insurer Hiscox.
Hiscox chief executive Steve Langan said: "Robust defences against cyber intruders and strong processes for eliminating careless or rogue behaviour internally are now the keys to business continuity and consumer trust.
"Without investment in prevention, detection and training, firms leave themselves exposed to costly business interruptions and possible brand impairment."
The report - which polled over 3,000 business people in Germany, Britain and the US - found that the cost of cyber security incidents over the past year averaged £25,736 for a UK company with fewer than 100 employees, and rose to £62,712 for a firm with 1,000 or more staff.
But some respondents said the total financial cost ballooned to £500,000 when accounting for business disruption, fines, compensation, loss of revenue and the cost of recovering assets.
That is on top of costs associated with lost business and brand damage.
One in 10 respondents admitted to having lost customers or experienced greater difficulty in attracting new ones after experiencing an attack, while a smaller proportion said they lost business partners and suffered from negative publicity.
It follows a number of high-profile attacks on British companies in recent months, including Tesco Bank, which paid out £2.5 million to 9,000 customers after money was stolen from their accounts following a major hack in November.
Software accounting firm Sage said that employee details for around 280 companies were accessed by an unauthorised user via an internal login last summer, while banking giant HSBC was hit by a denial-of-service attack that temporarily shut down its online banking service in February.
Across the UK, 48% of smaller companies reported one or more attacks in the past 12 months, compared to 59% of larger firms.
Technology, media and telecoms firms are the "most regular" target for hackers in Britain, Hiscox added, with 45% reporting two or more attacks over the last 12 months.
But 59% of businesses across the US, Germany and the UK are set to hike security spending over the coming year by 5% or more, while one in five firms are planning for a double-digit rise.
The most popular area to spend that cash is new technology, though employee training is gaining ground.
Others are planning to bulk up their workforce, with 47% saying they intend to spend at least 5% more on cyber security staffing in the year ahead.