More than a third of business chiefs in the UK believe their companies will be hacked at some point in the next 12 months and it's telecoms and utility firms that are most at risk.
More than half of top executives working in the two sectors believe they will be targeted – more than those in the banking, insurance or retail business.
This outlook, along with other factors such as the value of the sensitive information they hold and how much they spend on security places them at the highest risk of cyber attacks, according to new research from cyber security firm CGI and the Centre for Economics and Business Research.
Each business puts a £52.5m price tag on the value of secure information holds, such as commercial data and intellectual property and companies estimated the impact of not having access to that data at as much as £2m each.
But, that figure fails to take into account the wider costs associated with cybercrime such as reputational damage, employing lawyers, fixing the problem and other intangible assets. This is likely to take the costs to business running into tens of millions of pounds, said CGI head of security Andrew Rogoysk.
The high-profile hack of Talk Talk last year cost the telecoms business £60m while Sony’s email hack cost the company $15m (£10.4m).
The damage to brand and reputation from an attack were deemed to have the biggest impact, according to the more than 150 top bosses surveyed. Telecoms executives, however, cited the impact of share price or financial performance as the greatest, likely down to the Talk Talk hack. Shares in the telecoms firm plummeted in the weeks following the attack.
“In the short term they [attacks] do have an impact on share price and increasingly so. Companies suffer much more now than they did five years ago for instance. It’s an indicator of competence and especially in customer facing companies, when people can easily change provider,” said Rogoysk.
“UK boardrooms are struggling to get a handle on the cyber security issue. Boards know it is a risk but are uncertain in their approach, often failing to prioritise spend on cyber security. Unless more is done to improve understanding and governance at the highest level we can expect to see more high profile breaches” he warned.
Talk of cyber security in the boardroom happened only every few months for most respondents.