Cybersecurity complacency could be leaving UK retailers exposed to risk, says the latest research from data security firm, Cohesity.

Original research of 400 IT security and data decision-makers in the UK by Cohesity reveals almost half (43%) believe their cyber defences are ‘watertight’ and require ‘little to no improvement’.

Overconfident & underprepared

However, the same poll found that almost three quarters (71%) of UK firms had paid a ransom in the past 12months after a security breach, with a third of organisations (33%) having shelled out over thee quarters of a million pounds (£760,000) or higher in ransom following a cyberattack.

“Our research shows a large portion of British businesses are overconfident but underprepared when it comes to cybersecurity,” Fraser Hutchison, VP Northern Europe at Cohesity, commented.

The aftershocks of cyberattacks were found to have spread beyond just revenue. While 84% said sales were impacted – with a third (31%) estimating the loses resulting from a breach amounted to up to 10% of their annual revenues – three quarters (76%) saw their stock price negatively impacted.  

Misjudging the material impact of cybercrime

“Most organisations are still misjudging the true material impact of cyberattacks; from recovery costs and the effect on earnings and stock price to legal, regulatory, and compliance consequences,” Hutchison continued.

Just last week, M&S revealed that the high profile cyber attack that impacted its business earlier this year and shut down its ecommerce channel for several weeks, would set it back by an estimated £136million by 2026. This included an £83million charge for the immediate response and recovery teams, while £18.6million is thought to have been spent on specialist legal and professional services support.

Hutchinson added that a “bigger focus on response and recovery” was required to allow firms to “better respond to and bounce back from cyberattacks, which are now an inevitability.” 

The poll also found that 90% of British companies had to lean on cyber insurance to cover recovery costs, whilst 91% stated that cyber insurance did not adequately cover recovery costs. The findings prove that cyber threats are evolving much faster than insurers can model them, whilst businesses are viewing insurance as the first line of defence, when it should be the last.