John Edwards said that many firms are too relaxed about basic measures such as keeping software up to date and training staff to minimise the risk of infiltration from bad actors.
The warning comes as the Information Commissioner’s Office (ICO) issued a fine of £4.4m to Interserve Group, a Berkshire-based construction company, for failing to keep the personal information of its staff secure, which was a breach of data-protection laws.
The ICO found that the company failed to put appropriate security measures in place to prevent a cyber attack, which enabled hackers to access the personal data of up to 113,000 employees through a phishing email.
The compromised data included personal information such as contact details, national insurance numbers and bank account details, as well as special category data including ethnic origin, religion, details of any disabilities, sexual orientation and health information.
“The biggest cyber risk businesses face is...