Company Directors Must Become Cyber Aware

Company boards at some of the UK’s biggest companies still don’t fully understand the potential impact of a cyber-attack according to a new report.
 
• Many FTSE 350 boards still don’t understand the impact of a cyber-attack on their business
• Incident plans are in place but are not tested thoroughly enough
• New measuring tool will help firms manage their cyber risk more effectively
 
Boards at some of the UK’s biggest companies still don’t fully understand the potential impact of a cyber-attack according to a new report.
 
The Government’s Cyber Governance Health Check looks at the approach the UK’s FTSE 350 companies take for cyber security.  The 2018 report shows that less than a fifth (16%) of boards have a comprehensive understanding of the impact of loss or disruption associated with cyber threats. That’s despite almost all (96%) having a cyber security strategy in place. 
 
Additionally, although the majority of businesses (95%) do have a cyber security incident response plan, only around half (57%) actually test them on a regular basis.
 
The UK is home to world leading businesses but the threat of cyber-attacks is never far away. We know that companies are well aware of the risks, but more needs to be done by boards to make sure that they don’t fall victim to a cyber-attack.
 
This report shows that we still have a long way to go but I am also encouraged to see that some improvements are being made. Cyber security should never be an add-on for businesses and I would urge all executives to work with the National Cyber Security Centre and take up the government’s advice and training that’s available.
 
Awareness of the threat of cyber-attacks has increased. Almost three quarters (72%) of respondents acknowledge the risk of cyber threats is high, which is a big improvement of only just over half (54%) in 2017.
 
The implementation of the General Data Protection Regulations (GDPR) in 2018 has had a positive effect in increasing the attention that boards are giving cyber threats. Over three quarters (77%) of those responding to last year’s health check said that board discussion and management of cybersecurity had increased since GDPR. As a result, over half of those businesses had also put in place increased security measures.
Ciaran Martin, CEO of the NCSC, said:
 
Every company must fully grasp their own cyber risk, which is why we have developed the NCSC’s Board Toolkit to help them. This survey highlights some urgent issues companies will be able to address by putting our Toolkit’s advice into practice.
 
Cyber security is a mainstream business risk, and board members need to understand it in the same way they understand financial or health and safety risks.
 
Meanwhile, more work is being done to improve the cyber resilience of business, and a new project has been announced that will help companies understand their level of resilience. The cyber resilience metrics will be based on a set of risk-based principles to allow firms to measure and benchmark the extent to which they are managing their cyber risk profile effectively.
 
Once developed these indicators will provide board members with information to understand where further action and investment is needed.
 
Government is recommending the Boards continue to make improvements to their cyber security. This includes using the guidance published by the National Cyber Security Centre (NCSC) to improve the management of risks. Companies should also ensure that cyber risks are taken into account in their business strategy and appoint a Chief Information Security Officer (CISO) or other appropriately placed staff members who can clearly communicate information about cyber risks to the board.
 
Gov.UK
 
You Might Also Read:
 
What Should You Do If Your Business Is Hit by a Cyber Attack?:
 
 
« Ukraine Battles To Combat Election Hackers
Security Flaw Puts UK Bank Customers At Risk »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

eSentire

eSentire

eSentire is the authority in Managed Detection and Response Services, protecting the critical data and applications of organizations from known and unknown cyber threats.

Hack Miami

Hack Miami

HackMiami is the premier resource in South Florida for highly skilled hackers that specialize in vulnerability analysis, penetration testing, digital forensics, and all manner of IT security.

Finnish Information Security Cluster (FISC)

Finnish Information Security Cluster (FISC)

FISC is an organization established by major Finnish information security companies to promote their activities nationally and internationally.

MIT Internet Policy Research Initiative (IPRI)

MIT Internet Policy Research Initiative (IPRI)

IPRI's mission is to work with policy makers and technologists to increase the trustworthiness and effectiveness of interconnected digital systems

Coro Cybersecurity

Coro Cybersecurity

Coro (formerly Coronet) empowers organizations to protect against malware, ransomware, phishing, and botnets - across devices, users, and cloud applications.

OGiTiX

OGiTiX

OGiTiX Software AG is a German software manufacturer specializing in Identity and Access Management.

Council of Europe Convention on Cybercrime

Council of Europe Convention on Cybercrime

The Council of Europe helps to protect societies worldwide from the threat of cybercrime through the Convention on Cybercrime.

International Data Sanitization Consortium (IDSC)

International Data Sanitization Consortium (IDSC)

IDSC is a group composed of individuals and companies dedicated to standardizing terminology and practices across the data sanitization industry.

AttackIQ

AttackIQ

AttackIQ delivers continuous validation of your enterprise security program so you can strengthen your security posture and your response capabilities.

BrandShield

BrandShield

BrandShield is an anti-counterfeiting, anti-phishing and online brand protection solution.

CHEQ

CHEQ

CHEQ provides fully autonomous, preemptive technology for brand safety and ad-fraud prevention.

Soteria

Soteria

Soteria is a global leader in the development, integration and implementation of advanced cyber security, intelligence and IT solutions, delivering complete end-to-end solutions.

Varen Technologies

Varen Technologies

Varen Technologies is an innovative consulting partner with highly respected cyber security, analytics, Agile Software Development and IT/maintenance expertise.

RedLegg

RedLegg

RedLegg is a master provider of information security services, a boutique, nimble, old-fashioned customer service company that enjoys the technology battlefield.

Parablu

Parablu

Parablu is a leading provider of data security and resiliency solutions for the digital enterprise.

Theori

Theori

Theori tackles the most difficult cybersecurity challenges from an attacker’s perspective and conquers them as the best strategic security experts.