The Government’s Cyber Governance Health Check examines the approach to cyber security of the UK’s FTSE 350 companies.
The 2018 report published this week reveals that less than a fifth (16%) of boards have a comprehensive understanding of the impact of loss or disruption associated with cyber threats. That’s despite almost all (96%) having a cyber security strategy in place.
Additionally, although the majority of businesses (95%) do have a cyber security incident response plan, only around half (57%) actually test them on a regular basis.
Awareness of the threat of cyber attacks has increased. Almost three quarters (72%) of respondents acknowledge the risk of cyber threats is high, which is a big improvement of only just over half (54%) in 2017.
The implementation of the General Data Protection Regulations (GDPR) in 2018 has had a positive effect in increasing the attention that boards are giving cyber threats. Over three quarters (77%) of those responding to last years health check said that board discussion and management of cybersecurity had increased since GDPR. As a result over half of those businesses had also put in place increased security measures.
Digital Minister Margot James said: “The UK is home to world leading businesses but the threat of cyber attacks is never far away. We know that companies are well aware of the risks, but more needs to be done by boards to make sure that they don’t fall victim to a cyber attack.
“This report shows that we still have a long way to go but I am also encouraged to see that some improvements are being made. Cyber security should never be an add-on for businesses and I would urge all executives to work with the National Cyber Security Centre and take up the government’s advice and training that’s available.”
If you would like to join our community and read more articles like this then please click here.
Cyber Essentials is a government-backed, industry-supported scheme. It helps businesses win more public sector contracts, by ensuring that they comply with mandatory requirements for cyber security. To learn more click here.