Most firms failing to report cyber security incidents and only half offer security training

43 per cent of all firms also don't know where their data is stored

A report by the Institute of Directors (IoD) and Barclays, based on a survey of 980 IoD members, has found that only 28 per cent of cyber security incidents are reported to the authorities.

Professor Richard Benham, author of the report, said firms had to wake up to the serious nature of cyber threats, urging them to make cyber security a boardroom-level issue.

"No shop owner would think twice about phoning the police if they were broken into, yet for some reason, businesses don't seem to think a cyber breach warrants the same response," he said.

"Our report shows that cyber must stop being treated as the domain of the IT department and should be a boardroom priority. Businesses need to develop a cyber security policy, educate their staff, review supplier contracts and think about cyber insurance."

The report found that only 57 per cent of firms have a formal cyber security strategy in place while less than half - 49 per cent - provide cyber security training and awareness to staff.

The IoD said this is a major failing as human error is often at the root of many cyber incidents.

"Any cyber security strategy should include awareness training to be effective. The biggest risk as technology becomes more sophisticated is human failure," it said.

Indeed, the need for such training was underlined by the fact 71 per cent of all respondents said they received bogus invoices from cyber crooks attempting to elicit payments. This is an increasingly common tactic among scammers, who often try to pass themselves off as top executives in a company to expedite payments.

This type of attack hit Snapchat earlier this week, with an email purporting to come from its CEO triggering the leak of staff payment information.

The survey of business leaders by the IoD also threw up some interesting insights into how firms are handling their data.

Over half (59 per cent) of respondents said they now outsource their data storage, underlining how popular third-party cloud environments have become.

However, worryingly, 43 per cent said they do not know where their data is actually stored.

"This is a truly frightening statistic. It effectively means businesses are losing control of their organisation's data, which may well be the biggest asset of a business," said the IoD.

Furthermore, only 20 per cent of firms hold any form of cyber insurance. However, report author Benham said he believes this will rise to 90 per cent by the time the next survey is carried out.

"With the threat of cyber attacks becoming more frequent and some household names providing credible case studies, it is no surprise that many are predicting that cyber insurance cover will become a ‘must have' for businesses," he said.

To hear more about security challenges , the threats they pose and how to combat them, make sure you sign-up for the Computing Enterprise Security and Risk Management conference on 24 November.