Businesses in the UK have cut the amount of cash they are spending on cyber security despite the growing threat of attacks.
Budgets for security are a third of what they were this time last year, down to £3.9m on average, compared to £6.2m according to research from PwC.
The cost of attacks has fallen, however, down to £857,000 compared to £2.6m a year earlier. But the impact of attacks were felt more widely across the business in areas such as operations and data, while the uktimate cost can be hard to quantify.
Firms experienced 19 hours of down-time from incidents while 23 per cent had customer records compromised.
The findings come from PwC's annual Global State of Information Survey which surveyed nearly 10,000 senior executives from over 100 countries.
It also found that more than a quarter of firms don't know how many cyber attacks they suffered in the past year, up from the 18 per cent who said the same last year, shedding light on how businesses are handling the cyber threat.
And one in five firms were found to have no kind of preparation drills for cyber attacks. It comes in the wake of several high profile attacks which have hit business this year, including massive breaches at Equifax and Yahoo. WPP, Reckitt Benckiser (RB) and Maersk were also affected by ransomware earlier this year while a similar attack shut down some NHS services.
“Cyber attacks could happen to any organisation at any time, so it’s important that all businesses and public sector organisations are getting the basics right and continually testing their approach to prepare themselves in the right way," said PwC cyber security partner Richard Horne.
"In that critical moment when an attack hits, the ability to act quickly and effectively is key to minimising business disruption and reputational harm.”
Just two in five businesses in the UK were found to have formal partnerships with others in their industry to improve security and reduce risks, fewer than those across the rest of Europe and globally.