Government to British business: Not enough being done to improve cyber security awareness

84 per cent of the boards of UK's biggest companies don't fully understand the impact of a cyber-attack on their businesses

Only 16 per cent of the boards of UK's FTSE 350 companies have a sound understanding of the potential impact that a cyber-attack could have on their organisation, the Government's Cyber Governance Health Check 2018 has warned.

The Cyber Governance Health Check is part of the Government's National Cyber Security Strategy: 2016-2021, which aims to make Britain a safe place for doing online business.

The 2018 survey analysed the approach the UK's largest companies take for cyber security, and concluded that most need to improve awareness of cyber-security.

The results may sound surprising considering that the Health Check found that more companies now acknowledge cyber threats and recognise cyber security as a strategic risk management issue. And 96 per cent of the FTSE 350 companies now claim to have a cyber-security strategy in place.

According to the report, 72 per cent of the survey participants said that their boards consider the risk of cyber-attacks to be high compared to all risks that the company faces. This compares to just 54 per cent in 2017.

While most FTSE 350 companies have a cyber-security strategy in place, only 16 per cent reported that their board has a complete understanding of the impact of potential losses linked to cyber threats on a company's reputation, share price, and customers.

In addition, only 56 per cent of the businesses reported testing their cyber-security incident response on a regular basis.

According to Digital Minister Margot James, boards of major companies need to do more to ensure that they do not fall prey to cyber attacks.

"Technology is a crucial and growing part of modern life and underpins our efforts in the UK to build a world-leading digital economy," James said.

"We want the UK to continue being at the forefront of digital innovation and security. Protecting and strengthening the UK's digital economy is thus at the heart of what we're doing in Government," she added.

The survey also noticed the positive impact of the EU's General Data Protection Regulations (GDPR) implementation in 2018 on increasing attention of boards on cyber threats.

Seventy-seven per cent of the respondents said board discussion of cyber security increased after GDPR came into effect.