Almost a third of UK firms have no cyber response plan in place - PwC report

...and 10 per cent aren't even assessing the feasibility of implementing such a plan

Nearly a third of UK organisations have no cyber response plan at all, according to PwC's Global Economy Survey 2016.

The finding is particularly surprising considering the importance many companies are now placing on cyber security following huge attacks on the likes of Ashley Madison and TalkTalk.

PwC found that in the UK, 71 per cent of respondents felt the risk of cyber crime had increased over the past two years, with a quarter of UK firms being hit by cyber attacks in that period. But it seems as if many firms don't see the cyber threat disappearing anytime soon as 51 per cent of respondents said they expect to experience cyber crime in the next two years.

This makes it all the more surprising that 30 per cent of respondents said that their organisation has no response plan - although two thirds of these respondents are currently assessing the feasibility of implementing such a plan.

"Given that it's more a matter of when you're attacked than if, all organisations should have a response plan that is relative to the size of the organisation and scaled according to its needs and budget," the PwC report reads.

"This is particularly important if you hold any kind of confidential data, which should be protected as a priority," it adds.

Impact of cyber crime

Nearly half of those who had suffered cyber crime in the past two years said that they had experienced no financial loss a result of the attack. PwC emphasised that the true financial loss in these situations can take years to quantify, and added that it is often the collateral impact that does the real damage.

Meanwhile, nearly half of the respondents said that a cyber crime would have no impact on their reputation and 58 per cent said they were not concerned about thefts to their intellectual property. PwC strongly disagreed with these respondents.

"It's impossible for a cyber crime not to have an impact on an organisation's reputation or its IP," PwC's report reads.

Interested in IT security? Come along to Computing's Enterprise Security & Risk Management Summit in November. It's free for end users to attend. Details can be found here.