A fifth (20 per cent) of UK businesses have already invited hackers to assess their cyber security and systems and a further 37 per cent are open to the idea.
The report from Radware finds that three in five respondents experienced a cyber attack in the last 12 months.
Concerns over the growing threat lead four in five respondents to state that security is now a CEO-level concern while 33 per cent state that a change in C-level awareness is critical in order to thwart the latest attacks.
Among the leading concerns for executives is the Internet of Things (IoT), with connected devices identified by 29 per cent as ‘extremely likely’ to be a target for cyber criminals over the next three to five years.
Although businesses understand the threat, many are unsure how or where to direct their resources to defend against it, leading to the consideration of hiring an ex-hacker.
Ransomware is high on the agenda too, with around one in seven respondents experiencing a ransom attack over the last year. In fact, at least three companies said they were under attack at the time of the survey.
Although UK executives express an unwillingness to pay a ransom, with 9 per cent saying they would pay, compared to 23 per cent in the US, seven of 11 who admit they had been attacked did pay the ransom, compared to five out of 17 in the US. There is also a contrast in the ransom amount, with the US average of £5,235 dwarfed by the UK average of £22,218.
Hiring ex-hackers a ‘fundamental part’ of cyber security
Adrian Crawley, regional director for Northern EMEA at Radware, believes that hiring ex-hackers will be a fundamental part of corporate security strategy in the future as companies look for ways to stay ahead of new and sophisticated attackers.
He says, ‘Businesses need to get prepared fast, and there’s no better way than to see an attack through the eyes of a hacker. I think we’ll see the trend to seek the opinion of an ex-hacker grow exponentially in the next year as businesses review their blind spots.
‘Ex-hackers are well equipped to identify specific weaknesses, spot a fake ransom attack and can be employed to legitimately break the network and advise where security improvements are needed.’
Close to two thirds of executives report that their general IT spending increased by between 10 and 59 per cent within the last year. However, 60 per cent of UK respondents say they do not know how much their company is spending specifically on implementing safeguards against hackers.
Despite this, many understand the impact that a cyber attack can have, with operational loss and brand reputation loss identified as the biggest threats (mentioned by 32 per cent and 31 per cent respectively).
A further 27 per cent of UK executives cite revenue loss as the biggest impact of cyber security attacks, with 34 per cent of UK executives estimating that an attack would cost them between £70,000 and £175,000.
Crawley says, ‘In our ERT survey earlier this year, in 50 per cent of cases the organisations surveyed had no idea why they had been attacked. Our new report demonstrates that many executives do not know how much they are spending on cyber defence either.
‘It’s clear the warning lights are flashing, more than half of UK executives do not know how much their company has spent on fighting attacks or implementing safeguards to prevent future attacks. Awareness of cyber threats needs to grow not just in boardrooms but throughout the organisation so that potential vulnerabilities can be identified and closed off to attackers as soon as they are found.’