Only 35 percent of small to medium-sized enterprises have a comprehensive disaster recovery programme in place.
Half of all companies that lose their data go out of business overnight and some 90 percent are reported to not survive more than two years.
Breach said that hardening a company’s systems can be expensive, but leaving them open to attack is, sooner or later, going to be more expensive – as well as potentially catastrophic to a business.
“If you have an internal IT team some measure of protection can be gained,” Breach said. “But be mindful that fraud is often perpetrated by people inside the circle.
“It is wiser to employ an external agency to give an independent view of your vulnerabilities.”
He added: “If you have never encountered a disgruntled employee, or you simply can’t understand why anyone would want to target your installation, then you need to know that many attacks on internet and network systems are not aimed at specific organisations.
“A mass broadcast can use unprotected systems as staging posts to reach other vulnerable systems, making it more difficult to detect the originating criminal, while at the same time exponentially increasing his chances of successfully hitting a soft target.”
Breach advocates a business continuity plan should be drawn up to ensure companies are prepared for a worst-case scenario.
“The plan,” he said, “should be short and readable but must be rigorous.”