Company bosses not equipped to deal with cyber-attack

Andrew Cummings
August 22, 2017

It found that 68 per cent of boards had not received specific training to deal with a cyber incident despite more than half (54 per cent) saying cyber threats were one of the main risks to their business.

53% of boards receive only some information on cyber risk.

The results showed that out of Britain's top 350 businesses, 10% operate with no cyber incident response plan whatsoever, while two-thirds of boards are not kept updated with cyber security risk information. More than three quarters (77 percent) of CEOs agreed with the statement: "I am personally comfortable with the degree to which mitigating cyber risk is now part of my leadership role". While cyber security has cemented itself onto the board's agenda, they often lack the training to deal with incidents.

Martin Tyley, KPMG's head of cyber for the north, said: "It's great that business leaders are finally seeing cyber security investment as a positive figure on the balance sheet rather than a negative one. The aftermath of a cyber-attack, without the appropriate training in managing the issue, can result in reputational damage, litigation and blunt competitive edge".

A third report about cybersecurity revealed firms are also struggling to prepare themselves for the General Data Protection Regulation (GDPR), which is to be implemented next year.

However, just 13 per cent said GDPR was a regular topic of conversation in board meetings, with only six per cent claiming to be fully prepared for the May 2018 implementation date.

The new law will strengthen the rights of individuals and provide them with more control over how their personal data is being used.

"It's worrying that with less than a year to go, many organisations still have a lot to do". GDPR will affect organisations in the United Kingdom and worldwide that have any dealings with consumers and businesses in European Union member states.

Last month, minister for security Ben Wallace warned about the lack of preparedness among businesses and consumers when it comes to protecting themselves from cyber attacks.

Hancock said there had been progress in some areas when compared with a health check previous year, with more than half of company boards now setting out their approach to cyber risks (53 per cent up from 33 per cent).

"Board members need to take collective responsibility for cyber security and consider it in every aspect of the business. If they can do that, then perhaps cyber security will become mainstream and a vital component of doing business in our digital world", concluded Taylor.

Other reports by iNewsToday