More than a third (37%) of UK businesses reported that their cyber security measures had been compromised due to a lack of internal expertise in managing emerging technology risks, according to new research from insurer Hiscox.
Its annual Hiscox Cyber Readiness Report 2024, published on 24 October 2024, polled 2,150 professionals responsible for cyber security strategies – including 250 from the UK – between 12 August and 2 September 2024.
This survey revealed that 34% of UK business leaders felt unprepared to handle a cyber attack – despite the fact that 70% of UK-based respondents had experienced an increase in cyber attacks over the past 12 months.
The research also found that 70% of UK firms had integrated generative artificial intelligence (AI) into their business practices, with 57% believing that this technology would significantly impact their company’s cyber security risk profile.
Eddie Lamb, chief information and security officer at Hiscox, said: “Businesses need to see technological innovation and cyber security as complementary, rather than conflicting, forces.
”Business leaders will need to continue to invest in attracting the right expertise to manage emerging technology risks if they are to not just survive but thrive in a world of expanding technologies with their reputations intact.”
Reputational damage
More than half (62%) of the UK leaders surveyed thought that reputational damage from a cyber attack could significantly damage their business.
Of the UK respondents that had experienced a cyber attack, 37% said they had subsequently faced bad publicity – compared to 25% of respondents who cited this last year – and 46% stated that they had faced greater difficulty in attracting new customers, up from 20% who thought this in 2023.
Around a fifth (19%) had lost business partners following their firm being victim of a cyber attack.
Lamb added: “In today’s business environment, protecting the reputation of any business is just as critical as safeguarding the physical assets.
”Businesses will spend not only years but also thousands, if not millions, of pounds building their reputation, only to see it destroyed in minutes following a cyber attack.”
Concerns over reputational damage influenced businesses’ decisions to make ransomware payments, the research found. The top three reasons respondents gave for paying a cyber ransom over the past 12 months included protecting customer data, protecting reputation and recovering data due to insufficient backup.
Lamb continued: “It is vital that businesses continue to foster an environment where cyber education is a continuous process, ensuring every member of the organisation understands the critical role they play in maintaining cyber security.”