Almost 10% of companies in the UK are unaware they have been victim to cyber security attacks with incidents now costing an average of £1.7million, according to a new report.
The annual survey, which involved more than 10,000 executive from more than 127 countries, showed an escalation in the frequency, severity and impact of cyber-attacks.
Insiders – either current or former employers – top the list as a major source of incidents with 14% of companies unsure of how they happened.
But it was also found firms are becoming more adept at prevention and detection methods with innovation also on the rise.
Colin Slater, cyber security partner at PwC in Scotland, said sectors –including oil and gas – were at risk from attack.
He said: “Our businesses are operating in an increasingly digitally-diversified world. The flip side of this is highly sophisticated and constantly evolving cyber risks that can impact their brand, the trust of their customers and stakeholders, as well as revenues -both directly and through penalties – if not dealt with effectively.
“This week’s ruling on Safe Harbour and the upcoming changes to data protection legislation have the potential to massively impact those Scottish companies operating globally, and I doubt that many have this on their risk radar at the moment or understand the legal implications of these changes.
“This in itself highlights the speed and transient nature of these risks as well as their wide-ranging impacts on boards, tech, risk, audit, and finance. Covering all the bases in a cost effectively manner is difficult.
“Here in Scotland, reality still hasn’t hit home that the vital cogs in the wheel of our growing Scottish economy – our financial services, oil and gas and manufacturing industries in particular – are not impervious to cyber threats.
Other findings in the reports have shown a 38% increase in detected information security incidents and a 24% boost in security budgets in 2015.
Slater said the way for companies to protect themselves from cybercrime would need “strong, accountable leadership” in boardrooms with operating models where cyber security has “a voice” at the top of the table.