Resilience: Firms Fail to Grasp Cyber Financial Impact

Cyber attackers are shifting their focus toward mid-sized organisations
Resilience and YouGov survey reveals 74% of mid to large UK businesses face cybercrime, while ransomware understanding lags behind data breach concerns

Cyber attacks on UK businesses reached record levels in 2024, yet companies continue to misunderstand which threats pose the greatest financial risk to their operations. This disconnect between perception and reality presents a growing challenge for firms attempting to protect themselves against evolving cyber threats.

The complexity of the cyber threat landscape has intensified as attackers shift their focus toward mid-sized organisations, which often maintain valuable data yet lack the cybersecurity infrastructure of larger enterprises. This trend coincides with increased regulatory pressure on firms to prevent data breaches, potentially drawing attention away from other significant cyber risks.

Key facts
  • 47% of UK firms experienced vendor outages lasting more than 12 hours in 2024
  • £10,830 average cost of cyber breaches for mid to large-sized UK firms in 2023
  • 54% of surveyed businesses maintain quantitative risk registries to track financial impacts

This disconnect comes as the National Cyber Security Centre (NCSC) identifies ransomware, a form of malicious software that encrypts files until a payment is made, as the UK's primary cyber threat. Under the General Data Protection Regulation (GDPR), companies must report data breaches within 72 hours, which may explain the heightened focus on breach prevention rather than ransomware defence.

Resilience and YouGov uncover vendor risk blind spots

According to the research, third-party vendor management emerges as a critical weakness in UK corporate cybersecurity strategies. While 83% of leaders claim familiarity with their vendor systems, only 35% express confidence in vendor due diligence as an effective risk mitigation tool. Nearly half of firms surveyed experienced vendor-related outages lasting 12 hours or more.


The research indicates a correlation between company size and vendor risk awareness. Firms with annual turnover exceeding £750m (US$957m) are more likely (43%) to view vendor due diligence as effective than companies with turnover below £250m (US$319m) (24%). Companies with turnover above £1bn (US$1.28bn) report better outcomes, with 34% avoiding vendor outages entirely.

Smaller firms face increased cybersecurity education challenges

When examining cybersecurity measures, education programmes for staff emerge as the most recognised mitigation strategy, though no single measure received more than 62% confidence from respondents. IT leaders display higher cyber literacy levels compared to their financial counterparts across all measures.


The study reveals variations in cyber incident impact based on company size. Business interruption affects 72% of companies with annual turnover below £250m (US$319m), suggesting smaller firms face more frequent breaches than their larger counterparts.

Mid-sized firms face growing targeting from cybercriminals

The rise of 'big-game hunting', where cybercriminals target larger organisations, places growing mid-sized firms at risk. These companies often lack resources to address third-party attacks effectively, while facing average breach costs of £10,830 (US$13,821) in 2023, according to UK Government data.


Insurance claims patterns reveal additional insights into cyber incident trends. Business interruption and data breaches lead insurance claims at 38% and 37% respectively. However, 30% of businesses with cyber insurance coverage filed no claims during the survey period.

Resilience, founded by experts from US military and intelligence communities, conducted the research through YouGov. The company, which maintains offices in San Francisco, New York, Chicago, Los Angeles, Baltimore, Toronto, London and Dublin, receives backing from technology investment firms including General Catalyst, Lightspeed Venture Partners, and Intact Ventures.

Vishaal Hariprasad, CEO and co-founder of Resilience, says: “Cyber risk has become an undeniable reality for businesses of all sizes, yet our findings highlight a concerning gap in understanding and preparedness, particularly in how leaders assess and manage these risks as financial risks. Traditional approaches are no longer enough, and organisations must embrace a financial lens to improve their cyber business decision making and achieve cyber resilience.”




Cyber Magazine is a BizClik brand
