Board members aren’t trained to deal with cyber attacks

The majority of large UK companies aren’t prepared to deal with cyber attacks, according to the government’s Cyber Governance Health Check Report 2017.

Even though 54% of the FTSE 350 companies surveyed said that cyber risk was a top priority, 68% of respondents said their board members haven’t received any training to respond to a cyber attack. Additionally, one in ten respondents said their organisation doesn’t have a cyber incident response plan, and only 27% of organisations that do have a plan involve their board members in it.

“Increasingly irresponsible”

Matt Hancock, the minister of state for digital, praised directors for stating the importance of cyber security but said they need to take action. He called the lack of cyber incident response plans “increasingly irresponsible” and urged FTSE 350 companies to “improve at a faster rate to ensure [the UK] can stay ahead of future cyber security challenges”.

Speaking to SC Magazine, CybSafe CEO Oz Alashe said: “Because of what is at stake, security training needs to be an item in the diaries of both staff and company bosses. Business leaders are just as vulnerable as staff.”

He added: “In spite of the clear role that human psychology plays in the cyber security landscape, business has strangely yet to properly confront the human element – the lack of knowledge – which drives cyber-crime.”

Rob Wilkinson, corporate security specialist at software company Smoothwall, agrees: “[A] strong security culture […] throughout the workforce is crucial to making sure staff are constantly vigilant and aware of the threats. If the top brass don’t pay attention to these threats, it’s not going to set a good example for the rest of the business’ employees.”

Invest in staff awareness training

You can help everyone in your organisation understand their cyber security obligations by investing in our Information Security Staff Awareness E-Learning Course.

This course aims to reduce the likelihood of human error by familiarising your staff with security policies and procedures. It covers topics such as password security, backing up data, information security incidents and business continuity.

By following the advice in this course, you can better protect your information assets and increase customer and employee confidence.

Find out more about our Information Security Staff Awareness E-Learning Course >>