Two-thirds of business leaders have no cyber training

Only two per cent have 'comprehensive' training in dealing with cyber incidents

A survey of the FTSE 350 - the UK's 350 largest firms - has found that almost 70 per cent of Boards have no training to deal with cyber attacks, and one in 10 have no plans in place to respond to a cyber incident.

The figure is especially surprising considering other findings of the Cyber Governance Health Check: namely, that 54 per cent of Boards consider cyber as a top risk, and 57 per cent have 'a clear understanding' of the potential impact of a cyber incident.

Jon Geater, CTO of Thales e-Security, said, "The results of this latest government survey are not altogether surprising but they are rather concerning given the recent proliferation of data breaches and cyberattacks... Awareness among executives is now absolutely critical in today's digital age. While educating and upskilling every executive would be a Sisyphean task, every business needs C-Level functional leaders to take responsibility for keeping the business running in these difficult circumstances."

On a positive note, a third of respondents said that they regularly made investments based on their cyber security, up from just eight per cent in 2014; and, for the first time, more Boards (50 per cent) said that they review and challenge reports on the security of their customer data than those who do not (46 per cent). This data is a valuable target for hackers, and its management will be crucial for GDPR compliance.

"In order for companies to prevent the sensitive data from falling into the hands of a malicious hacker, and becoming tomorrow's headlines, boardrooms need to ensure that cyber and data security feature prominently on their day-to-day agendas," said Geater.

Digital Minister Matthew Hancock told the BBC, "We have a long way to go until all our organisations are adopting best practice."