Some of the UK’s leading firms are not adequately prepared to deal with a cyber incident, according to a new government report.
The ‘FTSE 350 Cyber Governance Health Check Report 2017‘ found that a majority (68%) of FTSE 350 board members lacked the necessary training to deal with cybersecurity issues.
Despite this, the research revealed that 45% of boards perceived cyber risk to be a top priority. In fact, only 13% of those surveyed said cyber risk was considered to be a low or an operational-level risk for their boards.
The survey also found that almost all respondents said their company’s board had either an acceptable (52%) or clear (43%) understanding of their organisation’s key information and data assets.
Some 57% of respondents also reported a clear understanding of the potential impact of loss of or disruption to key information or data assets as a result of a cyber incident.
Additionally, some 50% of people said their board reviews and challenges reports on the security of their customer’s data. Despite this, though, the data shows that there is still a small margin between those who review and challenge reports and those who do not (46%).
Matt Hancock MP, minister of state for digital, commented on the findings: “Cyber maturity among FTSE 350s needs to improve at a faster rate to ensure we can stay ahead of future cybersecurity challenges. This year’s report shows that a small number of FTSE 350 businesses are continuing to operate without plans in place for managing cyber incidents. This is increasingly irresponsible.”
“Our economy is a digital economy. Cybersecurity is critical to the successful growth of this digital economy. Working together, government and businesses can help to deliver the shared goal of making the UK the safest place in the world to do business online,” Hancock added.