CIO Influence
CIO Influence News Security

New CFO Study Highlights a Dangerous Disconnect Within UK Businesses in Planning for Cyber-Attacks

New CFO Study Highlights a Dangerous Disconnect Within UK Businesses in Planning for Cyber-Attacks
57% of CFOs report their organisation has been hit by a ransomware attack, but only 12% are actively involved in determining the risk and protecting their organisation from cyber threats. 
An average of £3 million was paid per attack to ransomware groups, four times the sum expected by those who have not been hit.
56% of CFOs say their organisation paid a ransom for the return of data. One-third admit that the business didn’t receive their data in return.  
69% of CFOs think that the board doesn’t take cyber and associated risks seriously enough.

Deep Instinct, the first company to apply end-to-end deep learning to cybersecurity, revealed new research highlighting the role executive leadership teams play in their organisations’ cyber defenses. The independent survey was conducted by Sapio Research and engaged over 200 CEOs, senior financial, and IT security decision-makers working at mid to large enterprises in the UK. The findings laid bare the disconnect in how senior management teams collaborate and determine the risks and impact on their operations when hit by a cyber-attack.

Latest ITechnology News: Zscaler and Siemens Partnership Delivers All-in-One Solution to Accelerate Secure Digitalization for OT Environments

CFO are struggling to play their part in the risk assessment of cyber-attacks on the financial health of their organisations with only 12% of CFOs actively involved in the process. This exclusion has caused confidence to plummet amongst financial leaders, with only 14% of CFOs stating that their business is well-prepared and could withstand a cyber-attack. This implies a significant perception disconnect compared with the 63% of CEOs who feel they are well-prepared.

Additionally, there is a large gap between CFO’s estimates of ransomware demands and the reality of ransomware payments. Despite respondents saying they would only pay, on average, a ransom of around £760,000, the reality is that those survey respondents that did pay ransoms paid more than £3 million, four times higher than predicted. Moreover, for those that paid ransom demands, only 32% were able to recover their data – showing that positive outcomes are far from certain even when cooperating with bad actors.

The research also revealed that studious financial planning is essential to gain a clear picture of the monetary risks that come from cyber-attacks. Only 38% of respondents cited that they are confident in placing a monetary value on the data within their organisation, as well as calculating the potential impact of its loss. Worse, 48% gave answers that reveal a lack of accurate assessments, or no assessments at all.

According to Heather Bellini, Chief Financial Officer at Deep Instinct, “Cyber criminals and organisations usually have a common goal – financial reward – and each day a new ransomware attack hits the headlines one of the first questions amongst executives is, ‘how much is it going to cost to get back the data?’ It is vital for organisations to take the task of quantifying the financial risk of cyber-attacks seriously and ensure it is accurate, otherwise they can fall into the trap of having a false sense of security and being blasé when it comes to the true cost.”

Latest ITechnology News: Gigamon Releases “2022 TLS Trends Research” Based on 1.3 Trillion Network Flows

She continues, “This is why it is so important that all senior and strategic roles within the business have an active and equal responsibility in ensuring their business is resilient and well prepared. We talk in the industry about breaking down siloes and cybersecurity no longer being the sole remit of the IT team, but this isn’t translating into meaningful action. Until this changes, organisations will continue to be counting the costs of breaches and lining the pockets of cyber criminals.”

It should come as no surprise that ransomware attacks have a significant impact on business continuity. Nearly two-thirds (61%) of all respondents admitted their business has been hit by a ransomware attack, with 56% paying the ransom. In 29% of the cases where a ransom was paid, the CEO made the decision while the CFO made the decision in just 14% of situations.

Says Guy Caspi, CEO of Deep Instinct, “While it may be shocking to see how prevalent and successful ransomware attacks are, I believe we are only seeing the tip of the iceberg. With nearly two-thirds of organisations admitting to being hit by ransomware, you can’t help but wonder how many have stayed under the radar, especially when it continues to be so profitable for attackers.”

“From a corporate governance perspective, much more needs to be done to ensure that all stakeholders are truly cognizant of not only the risks to their business, but also in the full potential of financial and other business impacts that come from being successfully attacked. It is not enough to assume that your stack of security solutions checks a box and your responsibility is done. Having confidence in your organisations’ ability to block attacks should come from knowing that malicious malware is stopped before it can encrypt, protecting your environment, your customers, your brand, and your bottom line.”

Latest ITechnology News: American College of Lifestyle Medicine Adds Precision Cloud-Based Health and Wellness Software Provider LifeOmic to its Lifestyle Medicine Corporate Roundtable

[To share your insights with us, please write to sghosh@martechseries.com]

Related posts

Sandvik Acquires CAM Post Processing Software Developer Postability

PR Newswire

Machine Learning Innovator Wallaroo Wins Backing from Microsoft’s M12 in $25Million Series A Round

CIO Influence News Desk

Edge Delta Announces Live, Interactive, Open Environment for Free and Unlimited Exploration

Leave a Comment