UK biz fails to report two thirds of cyber attacks, says survey

Just one-third of cyber attacks are being reported to the police, according to a wide-ranging survey from the Institute of Directors.

According to the survey of nearly 1,000 IoD members, one quarter said they had experienced a cyber attack in the last twelve months.

However, of those 250 directors, only 28 per cent reported the attack to the police. That was in spite of half the attacks resulting in interruption to business.

The IoD said the total number of attacks on businesses could be much higher, as directors may not be aware of any attacks or might not define other cyber incidents or data losses as “attacks.”

It noted many police forces have dedicated cyber crime units.

“The use of analytics and the role of GCHQ in catching international cyber criminals mean that every crime as a minimum should be reported to Action Fraud Aware,” said the report.

According to the research just 43 per cent of the 1,000 businesses polled know where their data was physically stored.

"This is a truly frightening statistic. It effectively means businesses are losing control of their organisation’s data which may well be the biggest asset of a business," it said.

Richard Benham, author of the report, said the report shows that cyber must stop being treated as the domain of the IT department and "should be a boardroom priority."

The report said: "It is important that directors and owners realise they do not need to be cyber experts to understand the risk but do have policies and processes to deal with any situation; in short, a plan B." ®