Resilience: Firms Fail to Grasp Cyber Financial Impact
Cyber attacks on UK businesses reached record levels in 2024, yet companies continue to misunderstand which threats pose the greatest financial risk to their operations. This disconnect between perception and reality presents a growing challenge for firms attempting to protect themselves against evolving cyber threats.
The complexity of the cyber threat landscape has intensified as attackers shift their focus toward mid-sized organisations, which often maintain valuable data yet lack the cybersecurity infrastructure of larger enterprises. This trend coincides with increased regulatory pressure on firms to prevent data breaches, potentially drawing attention away from other significant cyber risks.
- 47% of UK firms experienced vendor outages lasting more than 12 hours in 2024
- £10,830 average cost of cyber breaches for mid to large-sized UK firms in 2023
- 54% of surveyed businesses maintain quantitative risk registries to track financial impacts
This disconnect comes as the National Cyber Security Centre (NCSC) identifies ransomware, a form of malicious software that encrypts files until a payment is made, as the UK's primary cyber threat. Under the General Data Protection Regulation, companies must report data breaches within 72 hours, which may explain the heightened focus on breach prevention rather than ransomware defence.
Resilience and YouGov uncover vendor risk blind spots
According to the research, third-party vendor management emerges as a critical weakness in UK corporate cybersecurity strategies. While 83% of leaders claim familiarity with their vendor systems, only 35% express confidence in vendor due diligence as an effective risk mitigation tool. Nearly half of firms surveyed experienced vendor-related outages lasting 12 hours or more.
The research indicates a correlation between company size and vendor risk awareness. Firms with annual turnover exceeding £750m (US$957m) are more likely (43%) to view vendor due diligence as effective than companies with turnover below £250m (US$319m) (24%). Companies with turnover above £1bn (US$1.28bn) report better outcomes, with 34% avoiding vendor outages entirely.
Smaller firms face increased cybersecurity education challenges
When examining cybersecurity measures, education programmes for staff emerge as the most recognised mitigation strategy, though no single measure received more than 62% confidence from respondents. IT leaders display higher cyber literacy levels compared to their financial counterparts across all measures.
The study reveals variations in cyber incident impact based on company size. Business interruption affects 72% of companies with annual turnover below £250m (US$319m), suggesting smaller firms face more frequent breaches than their larger counterparts.
Mid-sized firms face growing targeting from cybercriminals
The rise of 'big-game hunting', where cybercriminals target larger organisations, places growing mid-sized firms at risk. These companies often lack resources to address third-party attacks effectively, while facing average breach costs of £10,830 (US$13,821) in 2023, according to UK Government data.
Insurance claims patterns reveal additional insights into cyber incident trends. Business interruption and data breaches lead insurance claims at 38% and 37% respectively. However, 30% of businesses with cyber insurance coverage filed no claims during the survey period.
Resilience, founded by experts from the US military and intelligence communities, conducted the research through YouGov. The company, which maintains offices in San Francisco, New York, Chicago, Los Angeles, Baltimore, Toronto, London and Dublin, receives backing from technology investment firms including General Catalyst, Lightspeed Venture Partners, and Intact Ventures.
Vishaal Hariprasad, CEO and co-founder of Resilience, says: “Cyber risk has become an undeniable reality for businesses of all sizes, yet our findings highlight a concerning gap in understanding and preparedness, particularly in how leaders assess and manage these risks as financial risks. Traditional approaches are no longer enough, and organisations must embrace a financial lens to improve their cyber business decision making and achieve cyber resilience.”