Investors must pay closer attention to cyber threats

Organisations need to give investors more information about their strategies for preventing cyber attacks and data breaches, according to the head of the National Cyber Security Centre (NCSC).

Ciaran Martin told the Times (warning: paywall): “Institutional investors play an extremely powerful role in assessing many risks in companies, but that is not the same for cyber risks.”

He added: “I think one thing that would help enormously is if institutional investors played a stronger role in asking the tough questions across the corporate sector.”

Investors are concerned

Investors seem to be aware of the threat of cyber crime. PwC’s Global Investor Survey 2018 found that 41% of investors and analysts are “extremely concerned” about cyber threats. It was the highest-ranking threat in the report among investors, rising from fifth place in 2017.

The problem is that recognising a threat is very different from knowing what needs to be done about it. Without a solid understanding of the organisation’s existing cyber security measures, it’s hard to recommend ways to become more resilient. Investors should therefore question senior staff about the defences they have in place and what they hope to achieve.

There is no single best way to stay cyber secure, as both resources and vulnerabilities vary between organisations and industries. Some advice applies universally (such as the need for staff awareness training), but you’ll need detailed information about the threats an organisation faces and the way it anticipates and responds to them before you can judge whether its defences are adequate.

You can get that information with a little help from our free green paper: 12 cyber security questions to ask your CISO. It explains:

  • What you need to ask your CISO about cyber security;
  • How to make the case for improving your cyber security programme and budget;
  • Which key areas you should be investing in for improved cyber security; and
  • How to implement a holistic cyber security programme.