Half of UK companies expect to be entirely operational 48 hours after a large-scale cyber security breach – when the actual recovery time can take months, according to a report by insurance broker, Lockton.

Lokcton said a survey of senior decision-makers found only 2% of UK businesses think a breach will affect them for more than 10 days.

Reputational damage 

Reputational damage is one of the most recognised impacts on a business following a loss of third party data, identified by 63% of businesses in Lockton’s report.

Yet only a quarter (26%) of UK companies say the head of PR and communications is involved in cyber breach scenario planning at all.

Also, just 42% of businesses include managing public relations in their current response protocol for a loss of third party data, making this the action least likely to be undertaken following an attack.

How well do you really know your competitors?

Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.

Company Profile – free sample

Thank you!

Your download email will arrive shortly

Not ready to buy yet? Download a free sample

We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form

By GlobalData
Visit our Privacy Policy for more information about our services, how we may use, process and share your personal data, including information of your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.

The full Lockton report is available at Cyber Aftershock: How UK companies underestimate the seismic waves produced by a data breach,

Peter Erceg, SVP of Global Cyber & Technology at Lockton said: “The fact that so few businesses are aware of the aftershocks caused by a cyber attack is concerning. It can take several months, if not years, to become entirely operational again after a large-scale breach – and for some firms a full recovery may be bridge too far. UK businesses are currently unprepared for the seismic waves that can decimate an organisation caught unaware.”

Erceg noted that a large-scale leak is impossible to hide, so communicating this proactively and properly to stakeholders – both internal and external – is vital.

He said: “In recent times a number of big brands have become synonymous with the large, well-publicised attacks that have befallen them, in part because they didn’t take communication seriously enough. It could take years for them to shed that stigma.”

Potential cost

The report also found that only half of UK businesses (52%) take into account loss of customers as a potential cost when calculating the possible business impact of a cyber breach.

They are most likely to consider lost revenue (72%) and the cost of data loss (69%).

Other costs – such as a forensic investigation (33%) or reviewing policies (36%) or regulatory fines (46%) are being forgotten.

Erceg noted these ‘invisible’ costs of a cyber attack are often the mostly costly and damaging. “The less quantifiable costs of a cyber attack take the longest for a business to recover from,” he said.

.”