A new government report has warned that senior executives at many of the UK's largest firms still do not fully appreciate the impact a cyber attack could have on their company.
The Cyber Governance Health Check report from the Department for Digital, Culture, Media and Sport and the National Cyber Security Centre found less than a fifth of boards at FTSE 350 firms (16 per cent) have a comprehensive understanding of what the impact of any such incident would be.
What's more, while the vast majority of companies (96 per cent) have a cyber security strategy in place, and 95 per cent have a cyber security incident response plan, only around half (57 per cent) actually test these contingencies on a regular basis.
Commenting on the figures, Gavin Cartwright, associate partner for cyber security at EY, said: "With only one in five FTSE 350 companies undergoing a cyber simulation last year, the report highlights that cyber security is still not fully embedded in the culture of many of these companies."
However, there was some positive news in the study, with overall awareness of cyber threats on the rise. Almost three quarters (72 per cent) of respondents now acknowledge the risk of cyber threats is high, which is a big improvement from only just over half (54 per cent) in 2017.
Digital minister Margot James said: "The UK is home to world leading businesses, but the threat of cyber attacks is never far away. We know that companies are well aware of the risks, but more needs to be done by boards to make sure that they don’t fall victim to a cyber attack."
She added that while there is clearly a lot of work to be done, it is encouraging to see improvements are being made.
One factor that may have had an impact on how companies approach cyber security is the implementation of the EU's General Data Protection Regulation (GDPR) last year.
More than three quarters (77 per cent) of respondents said board discussions and management of cybersecurity had increased since GDPR, with more than half of those businesses putting in place increased security measures as a result.
Share This Post, Choose Your Platform!
With over 25 years in the business telecoms industry and an unrivalled reputation of delivering excellent, personal customer service, Arrow is one of very few companies in the UK able to provide a full telecoms, IT and energy consultancy and service proposition.
Savings through automation, scale, improved service. We’ve got that covered. But the true value comes with empathy, through empowerment, collaboration. It’s connecting people that drives us forward. It’s people that make tomorrow happen.
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
The technical storage or access that is used exclusively for statistical purposes.The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.