As many as 68% of company boards have no formal cybersecurity training to deal with incidents of cyber attacks and data breaches.
A recent government survey of businesses has revealed that several company boards do not have a plan in place to respond to cyber incidents.
The FTSE 350 Cyber Governance Health Check Report 2017 that was released by the Department for Digital, Culture, Media & Sport last night has revealed the preparedness of the UK’s large enterprises and their boards for tackling cyber incidents.
The survey found some encouraging indicators as well as several challenges that company boards need to address if they are serious about tackling future cyber threats.
It revealed that 57% of company boards now have a clear understanding of the potential impact of cyber incidents that result in breaches as well as loss of data. Another positive indicator of their preparedness is that 54% of company boards now view cybersecurity as a top risk compared to other risks faced by companies.
Out of 105 businesses that responded to the survey, 31% also revealed that they receive comprehensive and informative management information on cyber risks. 6% of them also stated their businesses were compliant with the requirements of the General Data Protection Regulation (GDPR).
However, 53% of company boards also admitted that the board is provided with only some information on cyber risk. 13% of board members also consider the cyber threat a low-level risk rather than a high-priority risk.
Mere intentions may not be relevant, however, given that as many as 68% of company boards did not receive any formal cybersecurity training to tackle cyber risks and 10% of them do not have a plan in place to respond to cyber incidents.
Responding to the results of the survey, Digital Minister Matt Hancock has warned about “the devastating effects of not getting our approach to cyber security right” and also said that the UK has “a long way to go until all our organisations are adopting best practice”.
“Cyber maturity among FTSE 350s needs to improve at a faster rate to ensure we can stay ahead of future cyber security challenges. This year’s report shows that a small number of FTSE 350 businesses are continuing to operate without plans in place for managing cyber incidents. This is increasingly irresponsible.
“As we approach the deadline to introduce new regulation such as the General Data Protection Regulation, businesses should continue to prepare themselves for the responsibilities that come with these new requirements,” he added.
According to Jon Geater, CTO at Thales e-Security, businesses cannot afford to wait for an attack to take place before introducing a sophisticated data protection strategy. They must recognise the dangers that cyber attacks pose for companies’ bottom lines, reputation, customer retention and employee confidence and must focus completely on robust encryption and key management strategies.
“In order for companies to prevent the sensitive data from falling into the hands of a malicious hacker, and becoming tomorrow’s headlines, boardrooms need to ensure that cyber and data security feature prominently on their day-to-day agendas,” he added.