The annual Cyber Governance Health Check has shown that 68% of the UK’s top business board members have received no training in how to respond to a cyber attack.
No Plan For One In Ten FTSE Companies
Also, according to the report from The Department for Digital, Culture, Media & Sport (DCMS), even though 54% acknowledge that cyber attack is a top threat to their business, 10% of the FTSE 350 companies don’t have a plan in place for what to do in the event of an attack.
The report shows that although board-level awareness on the importance of cyber security has risen by almost 10% over the year (up from 21% to 31%), two-thirds of UK Board members are not up-to-date with cyber security risk information.
Customer Data Safety
On a slightly more promising note, however, 50% of board members said that they review and challenge reports on the security of customer’s data.
Better Training Needed
The survey results have prompted industry experts to rally senior executives and their staff to get proper training in managing cyber attacks in order to ensure that companies can minimise damage to their systems and reputation, and avoid possible lawsuits.
Adopting Best Practice
Digital Minister Matt Hancock has publicly acknowledged that there is a need to adopt best practice in cyber security to avoid the devastating effects of a cyber attack in the first place. Mr Hancock has highlighted how the UK’s world-leading businesses and charities are naturally going to be targets for hackers. It is therefore vital that senior executives work with the National Cyber Security Centre and heed Government’s advice and training.
UK charities can also take advantage of a tailored programme of support that has been developed alongside the Charity Commission and the National Cyber Security Centre.
What Does This Mean For Your Business?
Cyber crime is a major threat to all UK businesses and organisations, and knowledge about it is no longer something that can be left to the IT Department. Given the level of risk that cyber crime poses to the very life of the business, board members and senior executives should be among those most well informed, should be prioritizing and championing the promotion of cyber security best practice throughout the company.
If businesses have not done so already, now is the time to prioritise the issue and make sure that basic cyber security steps are taken at the very least - see https://www.cyberstreetwise.com/cyberessentials/
Now may also be a good time therefore for businesses to seek other professional advice about measures that could be taken to ensure cyber resilience in the first place, such as quality cyber security training for all staff (including Board members), health checks, risk assessments / audits, cyber security policies, Business Continuity and Disaster Recovery Plans.