This year’s Cyber Governance Health Check Report of FTSE 350 companies again reiterates the lack of board understanding of the true extent of cyber risks.
The health check was launched by the UK Government in 2013 to test how the country’s top 350 companies are managing cyber risks. The report also aims to help encourage peer-to-peer comparisons of cyber risk strategies, which it hopes will enable companies to implement more effective cyber risk mitigation tactics.
Ed Vaizey – the Minister of State for Culture and the Digital Economy – said that the report shows that boards are taking cyber risks “more seriously than ever before. However, progress needs to be made in understanding where key data is shared with third parties and the impact if this goes wrong.”
The survey findings are not surprising, as it has been widely reported in the past that boards do not fully understand how to effectively deal with cyber risks.
The report shows that:
- 67% of boards do not clearly understand their appetite for cyber risks;
- Only 16% of boards know where their critical data is stored with third parties;
- 51% of boards don’t understand the potential impact of a loss or disruption to key company information;
- Over 15% of boards receive very little insight into up-to-date management information and threat intelligence;
- 54% said that cyber risk is a subject that they only hear about occasionally – either biannually or when something has gone wrong.
Although 77% of businesses have allocated budget to protect their customer data, we know from previous studies that not enough is being done to address cyber risks.
More encouraging was the finding that almost 50% of boards felt that cyber risk was a top/group risk, an increase on previous years (in 2014, it was less than 30%).
Get your company’s cyber health checked
If you have not yet done so, it is advisable to get an expert assessment of your organisation’s cyber risks. A cyber health check will assess your cyber risk exposure and identify a practical route to minimise those risks. A comprehensive cyber health check will combine on-site consultancy and audit, remote vulnerability assessments and online staff surveys to identify your current cyber risks in the three key exposure areas of people, process and technology.
Using a unique four-step approach, IT Governance’s Cyber Health Check provides an analysis of your real cyber risks, as well as an assessment of the safeguards you already have in place. You will then receive a prioritised action plan for controlling those risks in line with your cyber risk appetite.