British businesses are still not doing enough to protect themselves from costly cyber attacks, experts have warned ahead of a major conference on cyber security tomorrow.
The Public Policy Exchange is hosting the high-level summit with the aim of ensuring the police, public and private sectors, industry and government might better work together to lower the risk and enhance cyber security.
In order to combat the growing threat of cyber attacks, experts recommend measures including improved training for staff and greater discussion of the risks at board level.
According to government research released last weekend two thirds of large British businesses have been targeted by a cyber attack in the past year, with a quarter experiencing some kind of cyber incident on a monthly basis.
Such attacks exact a heavy financial toll. Research released by consultancy Cebr last year found that cyber attacks were setting businesses back £34bn a year in increased IT expenditure and lost revenue.
The Open University warned today that businesses wrongly believe that upgrading their systems will keep them safe. They are neglecting the human element involved in seeing off cyberthreats, despite recent government research showing that only 17 per cent of firms had given their staff cyber security training in the past year.
"It is important to recognise that a firm’s cyber security measures cannot simply rely on the expertise of a skilled IT team," said Steve Hill, director of external engagement at The Open University. "Knowledge about best practice must be widespread across an organisation."
Read more: Cyber security training outdated for many
The government also found that more than half (54 per cent) of boards at FTSE 350 companies only hear about cyber security incidents on an occasional basis, or when something actually goes wrong.
Workforce solutions company Gibbs S3 is urging companies to think about how they can move cyber security up boardroom agendas.
"[Cyber security] needs to be discussed on a more regular basis; waiting until the damage has been done is an incredibly risky strategy," said Farida Gibbs, CEO and founder of Gibbs S3. "Cyber security is often perceived as being less business critical than implementing the latest digital innovations, but as seen by TalkTalk and Ashley Maddison, one severe breach can do incredible damage to a company’s reputation."