UK government report says more companies understand cybersecurity risk, but still lag
Brexit is understandably dominating the news out of Britain these days. But although there’s a lot of uncertainty in the business community, life goes on. And since 2013, the government has conducted a cybersecurity survey of the nation’s largest companies, the FTSE 350. While the basic conclusions of what it calls the FTSE 350 Cyber Governance Health Check are positive, with board members finally understanding the gravity of cyber threats, there’s still work to be done.
Most companies, the report says, are finally coming to grips with the cybersecurity threat. In 2013, only 25 of the FTSE 250 saw cyberthreats as a big risk. That figure is now 72 percent. Boards are still lagging, however. While 54 percent of those studied get it, almost half do not understand their company’s critical information, data assets and systems.
When more specific questions were asked, though, things got worse. While almost all businesses (96 percent) have a cybersecurity strategy, nearly half do not have a dedicated budget to carry out that strategy. Only a bit more than half, or 57 percent, test their incident response plan. And a large majority (77 percent) of FTSE 350 businesses don’t recognize the risks associated with businesses in the supply chain with whom they have no direct contact.
“Senior leaders and boards have a significant role to play in resolving this issue and managing the cyber security risks an organisation faces – they cannot be solved by the IT department alone,” said Margot James, the UK minister for digital and the creative industries. “Having a better understanding of the potential impact of cyber attacks will equip boards and business owners to recruit the right staff and to take appropriate control of managing their cyber risks. The 2018 Health Check provides us with a compelling case for continued and enhanced action to embed cyber security risk management by company boards and executives.”