FTSE 100 failing the cyber test

They are large organisations and all of them face considerable challenges in keeping their data and IT systems secure. Yet only a tiny minority of FTSE 100 companies have a Board member with specialist cyber security experience.

Research from Deloitte this week has shown that just 5% of the FTSE 100 currently employ a director responsible for cyber risk. Just 5%!

Cyber security is now widely accepted as having strategic importance. Data breaches can adversely affect reputation (including the reputations of Board members) as well as damaging an organisation’s competitive positioning. And there is a big moral dimension too: allowing personal data to leak out can cause individual consumers enormous difficulties, from cloned credit cards and frauds to wholesale identity theft.

But all too often cyber security seems to be treated as a technical issue for overworked IT departments, and cyber breaches are considered simply a cost of doing business. Perhaps that will change with the considerable fines available to regulators under the new European privacy regulation, the GDPR, which will come into force from May 2018.

In the meantime, though, Boards are all too often simply brushing the issue aside.

So what needs to change? It’s simple really. Boards need an individual who can interpret the risks their organisation faces from cyber and communicate the steps that need to be taken to senior management.

But this individual can’t be just anyone. As Jason Hart, CTO for Data Protection at Gemalto, says:

“It shouldn’t just be anyone that takes up this role though, they need to have the right set of skills and qualifications. Like accountants must have certain criteria to be able to work, so must security professionals.” Mr Hart proposes that, for this to be taken seriously, an industry standard should be created so that companies can be sure they are appointing the right people. Security is, or should be, a Board level issue and the person responsible needs to be appropriately qualified and experienced. “The person responsible for this really does hold the key to the business in their hands, so we need to be sure they are capable of doing so.”

That’s certainly true. And the problem goes deeper than qualifications. The difficulty is that many senior executives simply don’t recognise the value of cyber security and cyber resilience. This is illustrated by recent research from the Ponemon Institute (registration required), which indicates that under half (45%) of UK organisation leaders recognise that revenues can be affected by cyber resilience and only slightly more (46%) recognise the effect on reputation. With this degree of scepticism at Board level, is it surprising that cyber security fails to get the attention it deserves?

 

Copyright Lyonsdown Limited 2021
