Only a third of businesses have a financial plan in place in the event of a cyber attack, but over a third would pay a ransom to get their systems and data back, according to Lloyds Bank.

Only half of companies discuss the risk of cyber at board level, while only a quarter of firms have dedicated cyber insurance. The findings come from a poll conducted among more than 150 attendees at the inaugural Lloyds Bank ‘Cyber Beyond IT’ event on 21 March.

Giles Taylor, head of data and cyber security for Lloyds’ Commercial Banking, warned that the economic impacts of cyber security can no longer be ignored. “A startling finding is that over a third of companies would pay a ransom to retrieve their data from an attacker when there is no guarantee that a business will get its data back or that its systems will be safe to use again.”

Almost two thirds of companies thought it would take them six months or more to recover from a disruptive cyber-attack, while nearly a fifth said it would take one year or more to recover.

Taylor added that businesses recognise there will be disruption in the event of a cyber attack, but if recovery is going to take months or years rather than weeks, then the financial implications can be disastrous. “Our findings highlight the fact that organisations are not considering all of the knock-on effects of a cyber-attack and don’t always have sufficient financial plans in place,” he added.

David Emm, principal security researcher at Kaspersky Lab, commented that robust IT security strategies should be implemented in a business from the ground up, as it should be about prevention, rather than recovery. “In today’s complex threat landscape, any company not implementing comprehensive security measures could struggle - or fail - to recover from a breach or attack.”

Share Story: