Newsroom / Risk Management
UK Firms Sleepwalking into Cyber Attack Chaos with Only 8% Checking for Hacks Daily
  • New research shows huge perception gap over cyber risk preparedness
  • 60% of UK firms think they are well-prepared for cyber threats, but many are dangerously exposed
  • Only 8% of UK companies use hacking detection methods every day and only a third do so once a month
  • Just 50% of UK businesses involve the Board in cyber-breach planning
  • 27% do not ensure staff know how to deal with a cyber breach and 26% fail to educate new staff despite most common types of breach all being heavily linked to human factors

With the world still reeling from the ransomware cyber attack on Friday 12th May, new research from Lockton, the world’s largest global independent insurance broker, today reveals the stark extent to which UK businesses are failing to keep pace with the rapidly evolving threat of cyber attacks, with just 8% checking for hacking activity daily. Only a third (32%) are doing so at least once a month, with one in four (24%) monitoring just once every two to three months.

The findings of the comprehensive study of 200 senior decision makers responsible for cyber security, prevention and resolution, highlight a staggering perception gap within UK plc with 60% of organizations believing they are industry leading despite infrequent use of hacking detection methods, inadequate engagement from key stakeholders and ineffective training leaving many dangerously exposed.

Peter Erceg, Senior Vice President, Global Cyber & Technology said:

“UK companies are clearly underestimating their risk by thinking they are well prepared for a cyber security breach. The current crisis reveals the huge vulnerability of businesses to the ever-present threat of cyber attack and their failings in keeping pace with its rapid evolution.

“Aside from the widespread inconvenience, the cost of a data breach can be profound, running into millions of pounds for larger organisations, with additional hits to reputation, customer base and business opportunities.”

Only 8% of UK organisations check if they are being hacked every day

With Government figures estimating that seven in 10 large companies experienced a cyber breach or attack in the past 12 months, early detection is crucial to preventing significant loss or damage2. The cost of a data breach can run into millions of pounds, with the average cost per lost or stolen record at £1023.

Despite this only 8% of UK organisations check to see if they are being hacked every day. Almost a third (32%) only do so at least once a month while a quarter (24%) only use detection hacking methods every two to three months.

Lack of Board engagement drives over-reliance on IT and poor co-ordination of key stakeholders

Many companies are also failing to involve relevant stakeholders in cyber-breach scenario planning. Just 50% of organisations say the Board is in any way involved, with other key figures such as the head of PR and communications (26%) and head of HR (7%) also excluded.

In contrast, 96% of those surveyed say the head of IT is involved, alongside other key figures including risk management (88%) and operations (78%).

Consequently, just 26% of companies say the Board is the most influential figure in terms of decision making for cyber-breach scenario planning, compared to 42% who say it is the head of IT and 28% who cite risk management teams.

Erceg says:

“The lack of engagement by key stakeholders is worrying. The Board needs to be intimately involved in cyber breach planning to allow them to constructively challenge their head of IT and other key members of staff to demonstrate how prepared their organisation is, and identify when this preparedness is being exaggerated.

“The outputs of a cyber breach are very much a Board-level concern. They must be held accountable to ensure their organisation has an effective cyber risk management strategy in place, including sufficient protection to protect critical corporate assets.”

High risk of human error goes unchecked as staff don’t know how to deal with cyber breaches

UK organisations are also failing to mitigate the high risk of human error causing a cyber breach. More than a quarter (27%) of UK organisations admit not all of their staff are aware of the correct procedure and who to contact in the event of a cyber breach, while a similar proportion (26%) say new staff are not made aware of the cyber security processes and procedures in place within their company. Almost a fifth (18%) do not regularly update staff with the latest news on dealing with potential cyber security breaches.

Given the four most common types of cyber breaches – fraudulent emails, viruses, spyware and malware, impersonation and ransomware – are all linked to human factors, staff awareness and understanding should be treated as a crucial part of cyber breach prevention.

Erceg comments:

“You can never completely prevent a cyber breach, but proper training is a critical line of defence. In most cases, cyber attackers gain access through a member of staff, so it's vital employees are trained to recognise suspicious or fraudulent activity. With the threat of cyber-attacks increasing exponentially there is no excuse for companies not to be investing in the development of a robust mitigation plan, underpinned by a set of employee policies and guidelines.”


For further information please contact:
Instinctif Partners

Rachel Morrod or Ambrose Fullalove
Tel: +44 207 427 1431 / +44 207 457 2831

1 Target respondents were CFOs, CROs, CIOs, Director of Risk and General Legal Counsel. Fieldwork completed by Coleman Parkes in January/February 2017.
2, Cyber Security Breaches Survey 2017, 19 April 2017
3 Ponemon Institute, 2016 Cost of Data Breach Study: United Kingdom (June 2016)

About Lockton

Lockton is a global professional services firm with 6,500 Associates who advise clients on protecting their people, property and reputations. Lockton has grown to become the world’s largest privately held, independent insurance broker by helping clients achieve their business objectives. For eight consecutive years, Business Insurance magazine has recognized Lockton as a "Best Place to Work in Insurance." To see the latest insights from Lockton's experts, check Lockton Market Update.

< Back to Newsroom Updates
Discover more Insights & Publications  |  Read more in the Lockton Newsroom  |  See our Client Stories
Discover more Insights & Publications
See our Client Stories