Over two thirds (72 percent) of cyber-attacks are not reported by businesses in the UK.
Research from the Institute of Directors (IoD) and Barclays says that only 43 percent of the nearly 1,000 IoD members polled know where their data is physically stored. The research said, “This is a truly frightening statistic. It effectively means businesses are losing control of their organisation's data which may well be the biggest asset of a business.”
One fourth of the respondents said they experienced a cyber-attack in the last year, however only 28 percent reported the attack to authorities. Total number of attacks could be much higher since directors may not be aware of any attacks or may not associate other incidents or data losses as attacks, the IoD says.
The survey results showed a gap between risk awareness and business preparedness. While 91 percent of business leaders said that cyber-security was important, only 57 percent have a strategy in place for protection. Nearly seven out of 10 (68 percent) of IoD member have never heard of Action Fraud Aware, the UK's reporting centre for cyber-crime.
Professor Richard Benham, author of the report, said: “Our report shows that cyber must stop being treated as the domain of the IT department and should be a boardroom priority. Businesses need to develop a cyber-security policy, educate their staff, review supplier contracts and think about cyber-insurance.”
Ross Brewer, VP and MD of EMEA at LogRhythm said, “Cyber-attacks are inescapable, and only by combining education and awareness with security intelligence will businesses be in a position to block an attack before data gets into the wrong hands.”