A quarter of UK companies hit by cyber-attack, industry unsurprised

As cyber-attacks on UK companies continue to hit new heights, some industry bods are surprised, not at how high the numbers are, but how low.

PwC’s new report has left some of the cyber-security industry non-plussed
PwC’s new report has left some of the cyber-security industry non-plussed

A quarter of UK companies have been hit with a cyber-attack according to a new report by global auditing firm, PricewaterhouseCoopers (PwC).

PwC's bi-annual Global Economic Crime Survey polled 6,000 participants around the world over a range of industries and places cyber-crime as the second most reported kind of economic crime this year.

Aside from the fact that a quarter of companies in the UK have apparently already been hit by a cyber-attack, the report shows business expecting more of the same in the near future. Half of British companies expect to be attacked in the next two years.

Globally, 32 percent of companies were affected, and 34 percent believed they will be in the next two years. The UK, global hub that it is, received a considerably larger incidence of cyber-attacks, 44 percent, nearly half of the country's total economic crime. 

These numbers might seem shocking to the uninitiated, but the cyber-security industry has responded coolly. After all, it has been talking about this kind of thing for years, to what must have often seemed like deaf ears. If anything, the apparently headline-grabbing numbers shown in the report seem low.

“All the signs over the past year have pointed to cyber-crime increasing, but it is surprising that PwC found the number of companies hit to be as low as one in four.” David Kennerley, senior manager for threat research at Webroot told SCMagazineUK.com. “This is likely because so many attacks go unrecognised for a long period of time.”

“What is worrying is that only half of the respondents expect some form of cyber-attack in the next two years, because every organisation is at risk - regardless of size, location and product offering. Essentially, if a business makes money or holds data – of which all do – then it is a potential target.

Yaroslav Rosomakho, the channel solutions manager for advanced threats at Arbor Networks, echoed that sentiment, telling SC that “the news from PwC that one in four UK companies have been attacked by cyber-criminals is no surprise. In fact, we believe this figure is far too low.”

Rosomakho added, “we are more connected and reliant on technology than ever before, and as a result, the number of routes for an attack is increasing exponentially. In this new landscape, it's clear that companies must do more as attackers continue to evolve.”

Ross Brewer, VP and MD of international markets at LogRhythm told SC that “It's not surprising that more than half of UK businesses expect to fall victim to cyber-crime over the next two years - cyber-attacks are now an inevitable part of business life.”

While 61 percent of CEOs are concerned about cyber-security, according to the report, less than half of board members actually ask for information about their organisation's cyber-security status. What's more is that only 37 percent have a breach response plan.

Brewer added “what's worrying is the apparent lack of planning companies have in place. At a time when businesses should be fully aware of the repercussions, failing to implement a cyber-security strategy makes no business sense.”

The reports' findings jar badly with a recent report from the newly rebranded Carbon Black, showing that 28 percent of UK CIOs are ‘not concerned' with breaches.

Ben Johnson, Carbon Black's co-founder, told SC at the time, “It is likely that some of those who aren't concerned simply think they are not yet a target, and what is more likely is that they feel like they have adequate protection in place, something that is woefully untrue.  We know that everyone is a target and pretty much no organisation has the cyber-resiliency to achieve anywhere near 100 percent effective defence.”

One of the more intriguing findings of PwC's report is that fraud has risen among senior level staff, or ‘senior fraudsters'. Jens Puhle, UK managing director at 8MAN, told SC that “senior staff usually have unrestricted access to their organisation's entire network, enabling them to copy top secret information with impunity. Customer information, financial data, and mission critical intellectual property are very much in demand from criminal gangs or rival organisations, creating a huge temptation for unscrupulous employees. As with the recent theft from GlaxoSmithKline, they may even seek to use stolen information to set up their own company.”