Business Express is an online portal that covers the latest developments in the world of business and finance. From startups and entrepreneurship to mergers and acquisitions, Business Express provides reporting on the stories that matter most to business leaders and decision-makers.The website publishes news, press releases, opinion and advertorials on various financial organizations, products and services which are commissioned from various Companies, Organizations, PR agencies, Bloggers etc. These commissioned articles are commercial in nature. This is not to be considered as financial advice and should be considered only for information purposes. It does not reflect the views or opinion of our website and is not to be considered an endorsement or a recommendation. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third-party websites, affiliate sales networks, and to our advertising partners websites. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish advertised or sponsored articles or links, you may consider all articles or links hosted on our site as a commercial article placement. We will not be responsible for any loss you may suffer as a result of any omission or inaccuracy on the website.
Cyber Risk
iStock 1455952390

UK business leaders struggle to understand cyber risk as a financial risk as three-quarters of mid-to-large firms report breaches


Despite the UK Government’s latest figures showing that 74% of mid-to-large UK businesses have experienced cybercrime, IT and financial leaders working at the UK’s largest firms demonstrate a poor understanding of cyber risk as a financial risk, finds a new survey from cyber risk solutions company Resilience. 

The results demonstrate a gap in understanding between what actually drives the greatest financial losses for companies versus what drives the media conversation. The results also demonstrate an urgent need for cybersecurity leaders to educate and enable themselves with the right solutions in order to make better business decisions around cybersecurity investment and cyber risk management. 

The survey, conducted in partnership with YouGov, surveyed 206 financial and IT decision makers across UK firms with an annual turnover of more than £100m. 

Data breaches were the leading cause of concern for business leaders, with 72% identifying them as their primary cyber risk. In contrast, only 47% of leaders surveyed expressed concerns about ransomware, despite the National Cyber Security Centre (NCSC) recognising it as the UK’s most significant cyber threat. 

While ransomware has larger financial ramifications for a company, being the cause of more than 80% of losses for Resilience clients in 2023-24, data breaches subject businesses to stricter scrutiny. Under General Data Protection Regulations, companies must report such incidents within 72 hours, adding pressure to effectively manage these breaches. 

Third-party vendor oversight remains a separate blind spot for business leaders. While 83% of leaders claim to be ‘familiar’ with the third-party vendor systems that their businesses use, only 35% believe vendor due diligence to be effective in mitigating cyber risks. Moreover, nearly half (47%) admitted that they had been impacted for at least 12 hours as a result. 

This disparity in understanding is less pronounced with larger businesses. Some 44% of large businesses surveyed consider vendor outages to be a key concern for their business, compared to a total of 40%. Businesses with annual turnovers of more than £750m are significantly more likely (43%) than those below £250m (24%) to view vendor due diligence as an effective measure to reduce exposure to losses from cyber incidents. 

Don't miss out on any breaking news or insightful opinions!
Subscribe to our free newsletter and stay updated on the go!


By submitting this form, you are consenting to receive marketing emails from: Global Banking & Finance Review. You can revoke your consent to receive emails at any time by using the SafeUnsubscribe® link, found at the bottom of every email.

The resurgence of ‘big-game hunting’, with cybercriminals focusing on larger targets, means that growing mid-sized firms are increasing targets lacking the resources or budget to deal with third-party attacks effectively, unlike large companies. Indeed, 34% of companies with a turnover of at least £1bn went unscathed by vendor outages. 

As costs and resources remain the primary constraining factor for mid-sized firms, business leaders must be better equipped to understand cyber risk in financial terms. According to the UK Government, cyber breaches cost mid-to-large-sized firms an average of £10,830 in 2023. 

However, the survey found that only 54% of businesses kept quantitative risk registries, limiting their ability to oversee the financial ramifications of cyber-attacks. Quantifying cyber risk enables business leaders to prioritise security controls and insurance more effectively, optimise their return on investment, and minimise the likelihood of significant financial losses. When considering measures companies can take to mitigate the impact of cyber incidents, no more than 62% of leaders determined any one measure effective, with education on cybersecurity (eg. among staff) the most commonly identified measure.

“Cyber risk has become an undeniable reality for businesses of all sizes, yet our findings highlight a concerning gap in understanding and preparedness, particularly in how leaders assess and manage these risks as financial risks,” said Vishaal ‘V8’ Hariprasad, CEO and co-founder of Resilience.

“Traditional approaches are no longer enough, and organisations must embrace a financial lens to improve their cyber business decision making and achieve cyber resilience. By quantifying and modelling potential impacts, investing in effective mitigation strategies, and ensuring return on investment on cyber insurance, business leaders can receive real value in countering cybercrime. Only by bridging these gaps can businesses stay resilient in the face of growing threats.” 

Other key findings from the survey include:

  • Business interruption (38%) and data breaches (37%) were the leading insurance claims firms filed for
  • Despite 93% of businesses surveyed having cyber insurance, only 45% of leaders claimed it was effective in reducing losses
  • IT leaders generally showed higher cyber literacy levels than financial leaders
  • Business interruption (72%) was a larger concern for companies with an annual turnover of less than £250m, with these companies facing more breaches
  • 30% of businesses did not file any claims despite having cyber insurance
Recent Post: