Following the news that Tesco has carried out a cyberattack stress test for the first time, which found that a breach could cost it up to £2.4 billion in fines,

David Bicknell, Principal Analyst in the Thematic Intelligence team at GlobalData, a leading data and analytics company, offers his view:

“CEOs learning about Tesco’s cyberattack stress test will be rightly asking themselves: ‘Why haven’t we done one of those?’” Company IT security officers should be expecting an email asking the question on Monday morning. They’d better have a good answer ready.

“A cyberattack can bring a company to its knees and severely impact its reputation. Since the beginning of 2021, directors have told the Australian Institute of Company Directors (AICD) and the Australian Information Security Association (AISA) that cybercrime and data security is the number one issue that keeps them ‘awake at night’. Only around half (51%) of directors say that their board has sufficient oversight of cybersecurity threats.

In its annual report Tesco warned that a significant data breach poses a reputational risk, resulting in a decline in customer sentiment and an adverse trading impact. For Tesco, read every major company in every sector.

“In the wake of the Russia-Ukraine conflict, the cyber threat landscape has markedly increased. A year after the Colonial Pipeline ransomware attack in the US, there are very real risks that critical national infrastructure and businesses could face new attacks. No company or organization is safe from attack, and no CEO should be blasé enough to think ‘it can’t happen to us.’ It can and will.”

Listen to David’s release here at GlobalData’s Podcast. The podcast is available on Youtube or Spotify.