UK company boards not informed enough about cyber security

UK company boards not informed enough about cyber security [Image: Rawpixel Ltd via iStock]

A new government report has revealed that UK businesses should be doing more to educate their boards about cyber security.

The annual Cyber Governance Health Check 2017 is intended to understand and improve how FTSE350 companies are managing cyber security risks.

Matt Hancock, the UK’s digital minister, said: “Our economy is a digital economy. Cyber security is critical to the successful growth of this digital economy. Working together, government and businesses can help to deliver the shared goal of making the UK the safest place in the world to do business online.”

This year’s survey found that 57 per cent of company boards have a clear understanding of the potential impacts resulting from a loss of, or disruption to, key information or data assets. This is up from 49 per cent in 2016.

Meanwhile, 54 per cent of boards reported that cyber risk is one of the top threats to their companies. This was also up from 49 per cent in the previous survey.

However, 68 per cent said they had not received any training to deal with a cyber incident, while ten per cent have no plan in place to deal with any cyber security incident.

For the first time, the survey found that the largest proportion of respondents say their board does review and challenge reports on the security of their customers’ data (50 per cent). However, the margin between those who review and challenge reports, and those who do not (46 per cent) is still small.

The results have prompted calls for businesses to better educate their workforce, particularly at board level, about the importance of cyber security. Speaking to Computer Weekly, Laurance Dine, managing principal of investigative response at Verizon, said: “Ultimately, we’ll continue to experience the same problems until organisations start to take cyber security more seriously; treating it as a business-level concern, rather than an IT problem.”