October 13, 2013 5:05 pm

UK business faces cyber security challenge

More than half the finance directors at the UK’s biggest companies say they do not have enough information to stave off cyber attacks effectively.

The findings from big four accountancy firm PwC follow the recent government initiative to help companies fight serious cyber attacks, amid growing concerns about cyber threats.

Fifty-three per cent of chief financial officers or financial controllers at 196 UK and global companies surveyed by PwC said they had “very little or insufficient data to manage cyber risk well”. That is despite 58 per cent of the companies surveyed indicating that they faced “substantial or critical” cyber security risks.

“Boards and business leaders are increasingly aware of organised and rapidly evolving cyber threats, but there remains a wide gap between this knowledge and what many are able to do about it,” said Brian Furness, a partner at PwC.

Only 12 per cent of the respondents told PwC that they had a formal process for assessing technology-related risks to their company, such as hacking.

“In challenging economic times it is the role of the successful finance function to support organisations’ attempts to mitigate these threats. The best are already doing this but others have a way to go,” Mr Furness added.

The research was conducted by PwC throughout this year and formed part of an annual review of companies’ finance functions – including compliance controls, and accounting efficiency.

Last month, more than a dozen men were arrested for their alleged involvement in two separate cyber attacks against Barclays and Santander.

The thwarted cyber attack against Santander involved suspects allegedly attempting to access computers remotely at one of the bank’s branches in southeast London, by using a device that could be fitted to a computer within the branch to enable transmission of the device’s contents.

The increasing number of cyber attacks has become a concern to the UK’s financial regulator, and the Prudential Regulation Authority has already asked banks to provide detailed information about their resilience to such attacks.

Last month the UK became the first country to openly declare that it is developing the capability to carry out offensive cyber attacks against other nations.

Philip Hammond, defence secretary, said in September that the UK was “developing a full spectrum military cyber capability, including a strike capability”. He said the government’s efforts to bolster its cyber combat capabilities included employing hundreds of computer experts as reservists in the armed forces.

Copyright The Financial Times Limited 2015. You may share using our article tools.
Please don't cut articles from FT.com and redistribute by email or post to the web.