Skip to content Skip to footer

Loading Results

Global State of Information Security® Survey 2018

Protecting digital society from cyber shocks: how prepared are UK organisations?

The business impact of cyber attacks is increasing. Find out more about the risks and what can be done to minimise them in our latest global survey.


Across the globe, businesses are racing to implement new technologies, using data to innovate and grow in an increasingly inter-connected world. Organisations face disruption from new market entrants, emerging technology and an ever-changing threat landscape. To compete in the digital world, they must recognise and protect themselves from cyber risks and build resilience to cyber shocks - large-scale events with disruptive consequences. 

Our research reveals that organisations still aren’t getting on top of the risks they face from cyber attacks. Many don’t know how many attacks they’ve suffered nor how they occurred. Breaching an organisation by targeting its employees is the most common cause of attack. Despite customer and employee records being compromised, many organisations are leaving it to chance. They aren’t preparing for what to do in the event of an attack. And yet there are some effective steps that organisations can take to mitigate their risks, including regular testing of their cyber security defences.

Our Global State of Information Security® Survey is based on interviews with 9,500 business and technology executives from 122 countries, including 560 UK respondents. Explore the UK findings below and the full global report here

If you'd like to find out how we can help you manage your cyber security risks, get in touch using the contact details below.


"Forging close working collaborations and sharing intelligence is often the best way to tackle the latest threats. New forms of attack require new ways of working to defend our society."

Richard Horne, Cyber Security Partner, PwC

Business impact

There's no doubt that the impact across a business from a cyber attack is severe. More than a quarter of businesses (28%) don't know how many cyber attacks they've had and a third don't know how they happened. 

Although the average total financial cost of incidents decreased this year to £857,000, the impact of breaches was felt more widely across both business operations and data.

Businesses faced an average of 19 hours of down-time following an attack. Customer records were compromised at one in four organisations.


Business readiness

Despite the impact on a business from an attack, nearly one in five respondents (17%) say their organisation doesn't prepare or drill for cyber attacks.

Less than half (49%) conduct penetration tests to examine their defences. And less than half (44%) have a cyber insurance policy in place to cover the various impacts of breaches. 

The majority of UK organisations surveyed (64%) have an overall security strategy in place and 53% agree that spending of their information security budget is based exclusively on risk. However, only 34% have boards actively participating in the strategy, compared to the global average of 44%. 

Working together

UK organisations are more reluctant than their global peers to join forces with others in the fight to reduce cyber risk. 

Only two in five UK respondents (44%) formally collaborate with industry peers to improve security and reduce the potential for future risks, compared with 54% across Europe and 58% globally.

Even within their own organisations, only just over half of UK respondents (53%) have put a cross-organisational team in place - including leaders from finance, legal, risk, human resources, IT/information security functions - which meets regularly to co-ordinate and communicate information security issues. 


Contact us

Zubin Randeria

Zubin Randeria

Lead Cyber Security Partner, PwC United Kingdom

Tel: +44 (0)7710 080027

Richard Horne

Richard Horne

Cyber Security Chair, Risk and Quality Partner, PwC United Kingdom

Tel: +44 (0)7775 553373

Follow us