Senior-level executives at some of the UK’s biggest companies still do not fully understand the potential impact of a cyber attack, according to a report from the Department for Digital, Culture, Media & Sport.
The Cyber Governance Health Check looks at the approach the UK’s FTSE 350 companies take for cyber security. The 2018 report published this week shows that only 16% of boards surveyed in the Health Check have a ‘comprehensive understanding’ of the impact of loss or disruption associated with cyber threats. That’s despite almost all – 96% – having a cyber security strategy in place.
Additionally, although the majority of businesses – 95% – do have a cyber security incident response plan, only 57% actually test it on a regular basis.
Awareness of the threat of cyber attacks has increased, the report found. Almost three quarters – 72% – of respondents acknowledged that the ‘risk of cyber threats is high’, which is an improvement on 54% in 2017, the Cyber Governance Health Check notes.
The activation of GDPR (General Data Protection Regulation) in May 2018 has had ‘a positive effect in increasing the attention that boards are giving cyber threats’, the Health Check concludes.
More than three quarters – 77% – of those responding to the 2018 Health Check said that boardroom discussion and management of cyber security had increased since GDPR took effect. As a result, more than half of those businesses polled by the Health Check had also put in place increased security measures.
More information at: