Company Directors Must Become Cyber Aware

Uploaded on 2019-04-01 in GOVERNMENT-National, FREE TO VIEW

Company boards at some of the UK’s biggest companies still don’t fully understand the potential impact of a cyber-attack according to a new report.
 
• Many FTSE 350 boards still don’t understand the impact of a cyber-attack on their business
• Incident plans are in place but are not tested thoroughly enough
• New measuring tool will help firms manage their cyber risk more effectively
 
Boards at some of the UK’s biggest companies still don’t fully understand the potential impact of a cyber-attack according to a new report.
 
The Government’s Cyber Governance Health Check looks at the approach the UK’s FTSE 350 companies take for cyber security.  The 2018 report shows that less than a fifth (16%) of boards have a comprehensive understanding of the impact of loss or disruption associated with cyber threats. That’s despite almost all (96%) having a cyber security strategy in place. 
 
Additionally, although the majority of businesses (95%) do have a cyber security incident response plan, only around half (57%) actually test them on a regular basis.
 
The UK is home to world leading businesses but the threat of cyber-attacks is never far away. We know that companies are well aware of the risks, but more needs to be done by boards to make sure that they don’t fall victim to a cyber-attack.
 
This report shows that we still have a long way to go but I am also encouraged to see that some improvements are being made. Cyber security should never be an add-on for businesses and I would urge all executives to work with the National Cyber Security Centre and take up the government’s advice and training that’s available.
 
Awareness of the threat of cyber-attacks has increased. Almost three quarters (72%) of respondents acknowledge the risk of cyber threats is high, which is a big improvement of only just over half (54%) in 2017.
 
The implementation of the General Data Protection Regulations (GDPR) in 2018 has had a positive effect in increasing the attention that boards are giving cyber threats. Over three quarters (77%) of those responding to last year’s health check said that board discussion and management of cybersecurity had increased since GDPR. As a result, over half of those businesses had also put in place increased security measures.
Ciaran Martin, CEO of the NCSC, said:
 
Every company must fully grasp their own cyber risk, which is why we have developed the NCSC’s Board Toolkit to help them. This survey highlights some urgent issues companies will be able to address by putting our Toolkit’s advice into practice.
 
Cyber security is a mainstream business risk, and board members need to understand it in the same way they understand financial or health and safety risks.
 
Meanwhile, more work is being done to improve the cyber resilience of business, and a new project has been announced that will help companies understand their level of resilience. The cyber resilience metrics will be based on a set of risk-based principles to allow firms to measure and benchmark the extent to which they are managing their cyber risk profile effectively.
 
Once developed these indicators will provide board members with information to understand where further action and investment is needed.
 
Government is recommending the Boards continue to make improvements to their cyber security. This includes using the guidance published by the National Cyber Security Centre (NCSC) to improve the management of risks. Companies should also ensure that cyber risks are taken into account in their business strategy and appoint a Chief Information Security Officer (CISO) or other appropriately placed staff members who can clearly communicate information about cyber risks to the board.
 
Gov.UK
 
You Might Also Read:
 
What Should You Do If Your Business Is Hit by a Cyber Attack?:
 
 
« Ukraine Battles To Combat Election Hackers
Security Flaw Puts UK Bank Customers At Risk »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

mile2

mile2

Mile2 develop and deliver proprietary vendor neutral professional certifications for the cyber security industry.

Senetas

Senetas

Senetas is a leading developer and manufacturer of certified high-assurance encryption solutions, dedicated to protecting network transmitted data without compromising performance.

Cobwebs Technologies

Cobwebs Technologies

Cobwebs Technologies provide web intelligence solutions for Law Enforcement (including cybercrime), Intelligence Agencies and Federal Agencies.

Atempo

Atempo

Atempo is a leading independent European-based software vendor with a global presence. We provide solutions to protect, store, move and recover all your data.

ENAC

ENAC

ENAC is the national accreditation body for Spain. The directory of members provides details of organisations offering certification services for ISO 27001.

Seavus Accelerator

Seavus Accelerator

Seavus Accelerator's goal is to create an enabling and stimulating environment for start-ups growth and provide continuous high quality acceleration and investment support.

MassMutual Ventures

MassMutual Ventures

Mass Mutual ventures backs companies building category-defining businesses in markets including enterprise software, digital health, cybersecurity, and fintech.

Fudo Security

Fudo Security

Fudo Security is a leading provider of privileged access management and privileged session monitoring solutions.

Canopius Group

Canopius Group

Canopius is a global specialty lines insurance and reinsurance company and one of the top 10 insurers in the Lloyd’s insurance market.

SafetyDetectives

SafetyDetectives

SafetyDetectives mission is to give our readers accurate and valuable information so they can make informed decisions about staying safe, secure and protected on the internet.

Nagios

Nagios

Nagios is a powerful tool that provides you with instant awareness of your organization’s mission-critical IT infrastructure.

Appalachia Technologies

Appalachia Technologies

Appalachia is a full service Managed Services Provider with a focus on cybersecurity, backed by the best engineers.

Vaultree

Vaultree

We believe in an encrypted tomorrow. Vaultree technology enables a foundational change in how we communicate with each other: Safely!

CryptoDATA

CryptoDATA

CryptoDATA develops products and services based on Blockchain technology, that ensure user security and data encryption, applicable in various fields.

Aim Security

Aim Security

Aim empowers enterprises to unlock the full potential of GenAI technology without compromising security. GenAI makes business better - Aim makes GenAI secure.

Simbian

Simbian

Simbian, with its hardened TrustedLLM system, is the first to accelerate security by empowering every member of a security team from the C-Suite to frontline practitioners.