European CEOs complacent when it comes to cyber attacks

Lloyds of London surveyed senior leaders at almost 350 large European companies to explore their attitudes to cyber risks.

The findings echo recent research carried out on UK businesses.  Even companies that have been victimised don’t seem to comprehend the potential risks to their businesses and brands.

  • 92% of respondents said their company had suffered a data breach in the past five years
  • Only 42% are worried about being victims of future attacks

The level of awareness amongst European business leaders lags behind those of businesses in the USA, where penalties for poor data handling are much harsher.  However in 2018 the EU’s General Data Protection Regulation will significantly increase the fines that can be levied against European businesses.

Data breaches can range from highly sophisticated, mostly external threats to low tech internal breaches caused by either by accident, incompetence or malice.  Companies were worried about low-tech internal breaches, such as the loss of paper documents. 

The external risk most cited by respondents (51%) was being breached by hackers looking to gain financially.

Recent highly publicised breaches suggest many companies are not as data breach-ready as they think they are.  Breaches can cause business interruption and leave businesses open to financial penalties and reputational damage.  Lloyds suggests that businesses should:

Identify the risks by mapping the most likely ways a cyber incident could occur and creating plans to mitigate the risks. Plans should be regularly tested and updated

Raise organisational awareness to mitigate risks from human error.  Roll out training and set the tone from the top of the business

Develop a culture of continuous learning and information sharing on cyber risks.

The full Lloyds report can be downloaded here.

More research on the rise of cyber breaches can be found here.