- Security TWENTY
- Women in Security
FTSE 350 boards are growing more confident in their investments to mitigate cyber risks, but they are also aware of the huge scale of the challenges ahead. That is according to the results of an audit firm’s FTSE 350 ‘Cyber Governance Health Check’. PwC reports that just one per cent of companies surveyed feel their board is fully informed and skilled enough to manage innovation and risk in the digital world.
For the second year, the auditors have helped FTSE 350 companies complete the health check run by MI5, GCHQ and the Department for Business, Innovation and Skills (BIS), which assessed how well FTSE 350 boards and audit committees understand and oversee risk management measures and address their cyber security threats. Some 108 companies completed the ‘health check’.
Cyber security is clearly on the board’s agenda with most companies, 88 per cent, having a cyber risk category within their strategic risk register. However, despite more IT breaches in 2014, only 29pc of companies thought cyber was a “top risk”, suggesting according to the audit firm that companies need a more mature approach to cyber risk management.
While most (92pc) of respondents say their boards have a clear or acceptable understanding of the value of key information and data assets, one in three say the risks associated with maintaining this information is “never” reviewed. A quarter (25pc) of firms were reporting that boards never receive intelligence about who might be targeting the organisation from their company’s senior cyber risk owner.
Half the respondents said their company responded very or quite well to cyber compromises and occurrences over the last year and almost all (93pc) felt that employees were now comfortable with reporting these compromises. The cyber risk responsibility is placed firmly with the board, 74pc of which are said to take the risk very seriously.
However, given the changing risk landscape there remains a degree of uncertainty around cyber threat with some 49pc of respondents feeling there is more their company can do to protect itself from cyber threats.
Richard Horne, cyber security partner at PwC, said: “To prosper in the digital world, businesses have to manage their cyber security risk and so it is encouraging to see that most FTSE 350 companies place cyber risk firmly on the board agenda. However, to truly manage cyber risk more needs to be done.
“As recent events have shown, the cyber security threat landscape continues to evolve fast. Boards must review their risk regularly and ensure that the organisation is managing its vulnerabilities and keeping pace with the sophistication and scale of the threat. Boards must develop the skills and capabilities to understand the impact of cyber threats on their organisation and shape the necessary strategic response. In today’s digital world, securing key data and digital processes is now a core element of business management.” Visit: http://www.pwc.com/uk