07 Mar FTSE 350 boards still don’t understand the impact of a cyber attack
The annual Cyber Governance health check FTSE 350 Cyber Governance health check published today – has some surprising findings!
The report sets out how the boards of the UK’s biggest firms must do more to be cyber aware.
- Many boards still don’t fully understand the potential impact of a cyber attack.
- less than a fifth (16%) of boards have a comprehensive understanding of the impact of loss or disruption associated with cyber threats.
- This is despite almost all (96%) having a cyber security strategy in place
- although the majority of businesses (95%) do have a cyber security incident response plan, only around half (57%) actually test them on a regular basis.
The report did show that there was a growth overall in the understanding businesses have about cyber security with 72 per cent acknowledging that the risk of online attacks was high: a significant rise from 54 per cent in 2017. 77 per cent of companies said their cyber security management had strengthened since the implementation of the EU’s General Data Protection Regulation in May 2018.
The data gathered by researchers also showed that a higher proportion of businesses in the financial services, consumer services and the technology, communications and healthcare sectors rate board understanding as comprehensive or fairly comprehensive – with 85% of financial services businesses being far more likely to have documented their appetite for Cyber Security risk.
The UK government advises businesses and their boards continue to develop their protections against and responses to cyber attacks; and recommends companies adhere to advice issued by the NCSC.
To review the report in full click here