Given the costs recognised in this survey (£737k) and the fact that when GDPR comes into force the associated costs are going to increase drastically, it is shocking that so many organisations are unprepared for cyber attacks.
It is true that no organisation can ever be 100% "safe," however, there are certain controls that can be implemented to prevent becoming a likely target.
The key is to not go into this swinging blindly. Developing a well structured vulnerability assessment can help not only identify existing gaps, but also provide a road map that organisations need to take to improve their security posture.
IT decision makers at 96% of SMBs in the US, UK, and Australia believe their organizations will be susceptible to external cybersecurity threats this year, according to a new report from security provider Webroot. Although businesses are aware of these threats, 71% of respondents said they were not prepared to address them... ...A cyberattack in which customer records or critical business data were lost would cost an average of $579,099 in the US, £737,677 in the UK, and AU$1,893,363 in Australia, IT leaders estimated.
http://www.techrepublic.com/article/report-71-of-smbs-are-not-prepared-for-cybersecurity-risks/
