New CFO Study Highlights a Dangerous Disconnect Within UK Businesses in Planning for Cyber-Attacks
Deep Instinct, the first company to apply end-to-end deep learning to cybersecurity, revealed new research highlighting the role executive leadership teams play in their organisations’ cyber defenses. The independent survey was conducted by Sapio Research and engaged over 200 CEOs, senior financial, and IT security decision-makers working at mid to large enterprises in the UK. The findings laid bare the disconnect in how senior management teams collaborate and determine the risks and impact on their operations when hit by a cyber-attack.
CFOs are struggling to play their part in the risk assessment of cyber-attacks on the financial health of their organisations with only 12% of CFOs actively involved in the process. This exclusion has caused confidence to plummet amongst financial leaders, with only 14% of CFOs stating that their business is well-prepared and could withstand a cyber-attack. This implies a significant perception disconnect compared with the 63% of CEOs who feel they are well-prepared.
Additionally, there is a large gap between CFOs’ estimates of ransomware demands and the reality of ransomware payments. Despite respondents saying they would only pay, on average, a ransom of around £760,000, the reality is that those survey respondents that did pay ransoms paid more than £3 million, four times higher than predicted. Moreover, for those that paid ransom demands, only 32% were able to recover their data – showing that positive outcomes are far from certain even when cooperating with bad actors.
The research also revealed that studious financial planning is essential to gain a clear picture of the monetary risks that come from cyber-attacks. Only 38% of respondents cited that they are confident in placing a monetary value on the data within their organisation, as well as calculating the potential impact of its loss. Worse, 48% gave answers that reveal a lack of accurate assessments, or no assessments at all.
According to Heather Bellini, Chief Financial Officer at Deep Instinct, “Cyber criminals and organisations usually have a common goal – financial reward – and each day a new ransomware attack hits the headlines one of the first questions amongst executives is, ‘how much is it going to cost to get back the data?’ It is vital for organisations to take the task of quantifying the financial risk of cyber-attacks seriously and ensure it is accurate, otherwise they can fall into the trap of having a false sense of security and being blasé when it comes to the true cost.”
She continues, “This is why it is so important that all senior and strategic roles within the business have an active and equal responsibility in ensuring their business is resilient and well prepared. We talk in the industry about breaking down siloes and cybersecurity no longer being the sole remit of the IT team, but this isn’t translating into meaningful action. Until this changes, organisations will continue to be counting the costs of breaches and lining the pockets of cyber criminals.”
It should come as no surprise that ransomware attacks have a significant impact on business continuity. Nearly two-thirds (61%) of all respondents admitted their business has been hit by a ransomware attack, with 56% paying the ransom. In 29% of the cases where a ransom was paid, the CEO made the decision while the CFO made the decision in just 14% of situations.
Says Guy Caspi, CEO of Deep Instinct, “While it may be shocking to see how prevalent and successful ransomware attacks are, I believe we are only seeing the tip of the iceberg. With nearly two-thirds of organisations admitting to being hit by ransomware, you can’t help but wonder how many have stayed under the radar, especially when it continues to be so profitable for attackers.”
“From a corporate governance perspective, much more needs to be done to ensure that all stakeholders are truly cognizant of not only the risks to their business, but also of the full potential of financial and other business impacts that come from being successfully attacked. It is not enough to assume that your stack of security solutions checks a box and your responsibility is done. Having confidence in your organisation’s ability to block attacks should come from knowing that malicious malware is stopped before it can encrypt, protecting your environment, your customers, your brand, and your bottom line.”