10% of UK's top firms would be screwed in a cyber attack – survey

Most of the UK's top businesses are underprepared for new data protection rules, while 10 per cent have no response plan for a cyber attack, according to a government survey. This year's annual cyber governance health check (PDF) asked FTSE 350 companies about both their cyber security and data protection measures – the latter …

  1. K

    BS... That is way too over-optimistic, I'd reverse that figure

    50% of companies don't have a plan, 40% have an untested one, whilst 10% have a tried and tested..

    Then there is the question of how prepared they are to detect an attack. Over the past 4 years I've worked at 3 different companies; only 1 of them was properly prepared. My current company (it's in the FTSE) doesn't even have an IPS/DPS or EndPoint Security on their customer-facing infrastructure (it's AWS, .. doing security like it's 1999!). If we got hit, we would never detect it - though thankfully we are now changing that.

    And the one that was properly prepared was an SME company with about 200 staff... which ironically went bankrupt (hmm perhaps I overspent?!)

    A/C to protect the innocent.. and my job :D

    1. Anonymous Coward

      Re: BS... That is way too over-optimistic, I'd reverse that figure

      A/C to protect the innocent.. and my job :D

      I hate to break this to you, but you didn't post A/C...

      1. K
        Facepalm

        Re: BS... That is way too over-optimistic, I'd reverse that figure

        Doh! And Meh.. I wasted the chance for an icon..

  2. Anonymous Coward

    Not entirely convinced.

    We get hundreds of door knocking bots an hour.

    We get one or two serious attacks a week.

    We get one or two successful attacks (as in something compromised) a year.

    We get one staff member murdered a decade.

    Our processes aren't perfect, but they are well rehearsed.

    1. Chris King
      Coat

      "We get one staff member murdered a decade.

      Our processes aren't perfect, but they are well rehearsed".

      Boy, you've got some rough employee termination procedures there!

      Mine's the one with the Kevlar lining...

  3. Will Godfrey Silver badge
    Meh

    But it'll never happen to us

    We don't have any enemi<click> no carrier

  4. Anonymous Coward

    10% of companies have thought about this and reckon they'd be screwed.

    The other 90% haven't thought about it.

  5. Daedalus

    Bored level?

    The suits probably think of it the way they think of lorry maintenance, or electricity bills.

    "Don't we pay someone to look after that?"

    1. Boris the Cockroach Silver badge
      Holmes

      Re: Bored level?

      Or more likely

      "we fired that area of the business as it never made us any money"

  6. Doctor Syntax Silver badge

    "Meanwhile, a quarter of boards said they have no defined role in a company-wide response to an attack"

    On the basis that they might well do more harm than good this might be an advantage.

  7. Anonymous Coward

    Cyber sec has been acknowledged as our top single risk for at least the last 5 to 10 years. We also have critical apps running on ancient versions of Java; and even Fortran IV code knocking about in production.

    We have people that know what needs to be done. Funding isn't there to resolve the problems and management in between are insipid.

    One attack in the wrong place, close to home, and that attitude will change overnight.

    Anonymous coward, like so many others, for fear of A) identifying the company in question and B) job security. Rest assured it's a large employer with national dependencies.

    1. Doctor Syntax Silver badge

      Keep the FORTRAN IV and get rid of the rest.

  8. bigbob

    Define cyberattack

    90% are prepared for a "cyberattack" from a DDOS (eg betting company ransom demands)

    10% are prepared for a "cyberattack" from an SQL injection steal of their customer database (eg Talk Talk)

    1% are prepared for a "cyberattack" from an APT (eg Sony)

  9. Anonymous Coward

    it's not "would . . ." it's "are" . . .being screwed but don't know it

    Haven't most UK firms •already• been penetrated, with black hats quietly sitting back until the right/wrong time?

    Reference: US Office of Personnel Management - where the sales demo 'one day you'll need one of these IDS' became an 'ooh, wonder where all those packets are going!'

    https://www.lawfareblog.com/why-opm-hack-far-worse-you-imagine

  10. TWB

    Yeah but....

    Having worked for years in a place that tried to practice disaster scenarios, those scenarios never occurred, but having staff who understood how things worked meant that we could work out what to do when the shit hit the fan as it did from time to time.

    Having said that I'm surprised that something more serious has not occurred to date.
