Majority of companies feel that their board is fully on cyber issues, but a third deem it a “top risk”.
According to research of the FTSE 350 by PwC, and results of the FTSE 350 ‘Cyber Governance Health Check’, 88 per cent of companies say that cyber security is on the board’s agenda. Despite an increasing number of breaches in 2014, only 29 per cent of companies thought cyber was a “top risk”.
Whilst the majority (92 per cent) of respondents say their boards have a clear or acceptable understanding of the value of key information and data assets, one in three say the risks associated with maintaining this information are never reviewed.
Richard Horne, cyber security partner at PwC, said: “To prosper in the digital world, businesses have to manage their cyber security risk and so it is encouraging to see that most FTSE 350 companies place cyber risk firmly on the board agenda. However, to truly manage cyber risk more needs to be done.
“As recent events have shown, the cyber security threat landscape continues to evolve fast. Boards must review their risk regularly and ensure that the organisation is managing its vulnerabilities and keeping pace with the sophistication and scale of the threat. Boards must develop the skills and capabilities to understand the impact of cyber threats on their organisation and shape the necessary strategic response.”
Brian Honan, CEO of BH Consulting, told IT Security Guru that he does see organisations take cyber risks more seriously, with an increasing number including cyber risks as part of their overall operational risk management.
“However, in some cases this is being driven by external factors, such as regulatory bodies looking for evidence of awareness of cyber risks from those organisations, rather than it being an initiative being driven internally,” he said.
“The figures from PwC reflect this by showing more organisations are aware of the risks but are not actively managing it in a mature manner. We need to also consider that a board has to view other risks outside the cyber realm to manage the business effectively and with the economic uncertainty that is in place here risks are taking a priority.
“So while it is good to see boards become more aware of cyber risks there is still a long way to go before they manage those risks effectively.”
Half (49 per cent) of respondents felt that there is more their company can do to protect itself from cyber threats; however, they also said that their company responded very or quite well to cyber compromises and occurrences over the last year, and almost all (93 per cent) felt that employees were now comfortable with reporting these compromises.
Announced in 2013, the health check option was backed by KPMG and offered to FTSE 350 companies who reportedly showed poor cyber security hygiene.