More than a third of businesses lack a formal strategy against cyber attack, according to a new report published by the Institute of Directors and Barclays.
There have been a number of high-profile attacks on the digital economy over the past year, including the hacking of 40,000 customer customer accounts at Tesco Bank in November.
In the survey of 845 members of the Institute of Directors, conducted in December 2016, 95 per cent of respondents said they considered cyber security to be quite or very important to their business, although 40 per cent of businesses said they would not know who to report incidents of cyber crime to.
Some 39 per cent of respondents felt vulnerable to the threat of cyber crime on their work laptops, and 57 per cent on their mobiles.
The number of businesses preparing themselves for these attacks has not however increased since last year, with only 56 per cent of companies saying they have a formal strategy in place to protect business devices and data.
Only 44 per cent provide cyber awareness training for staff, though seven out of ten say they use six passwords or more across their accounts.
"This report has revealed that business leaders are still putting cyber security on the back burner", according to Stephen Martin, Director General of the Institute of Directors. “The results, even for small and medium-sized businesses, could be catastrophic.This isn’t an IT issue, it’s a business survival issue.”
Adam Rowse, Head of Business Banking at Barclays, thinks “more must be done to help businesses recognise the threat an attack could have not just on their bottom line, but to their reputation or even future existence. Keeping customers’ data safe and secure is a legal responsibility so they need to prepare for the unforeseeable.”
The report praises government steps to protect businesses and consumers, such as founding the National Cyber Security Centre within GCHQ last year, but says more must be done by companies to protect themselves.