Home » Topics » Cybersecurity » Board communication within FTSE 350 remains biggest hurdle to cyber risk awareness

Board communication within FTSE 350 remains biggest hurdle to cyber risk awareness

Avatar photoby Ben Rossi

A lack of communication between boards and management tiers in FTSE 350 companies mean UK companies still have a long way to managing cyber risks, research has indicated.

A survey carried out by KPMG as part of the government’s Cyber Governance Health Check found that while 74% of companies thought that their boards were taking cyber security very seriously, on a number of important measures the results proved otherwise.

For example, 61% of board members said they have an acceptable understanding of their company’s key information and data assets, and a further 55% said they understood the potential impact of losing any of it. However, when pressed further, only 24% said they regularly reviewed the risk management around valuable company information and data assets.

>See also: The 2015 cyber security roadmap

Surprisingly, 65% said they rarely or never did so. A quarter of respondents said they never receive regular high-level intelligence from company CIOs or heads of security on the types of online threats their businesses may face.

Indeed, as a group, the FTSE 350 were lacking in direction about who should ultimately be responsible for cyber security. Despite focusing on the importance of getting cyber security right, only 16% said responsibility should lie with CEOs and 31% said CFOs. Only 15% believed that the responsibility sat with the CIO.

Malcolm Marshall, global leader of KPMG’s cyber security practice, said: “Cyber security may be moving up the board agenda but clear communication between boards and management remains patchy at best. Regular board engagement on this issues is critical to ensuring companies remain alert to this growing threat.

“Alarmingly, just 39% of board members saw cyber risk as an operational risk when comparing it to other threats their companies face. This is a clear indication that boards have some way to go to understanding the consequences that a cyber-attack can have on the brand and bottom-line.”

>See also: Is 2015 the year cyber security shows its human side?

One particular trend revealed by the numbers was a major jump in the proportion of companies conducting third party pre-contract due diligence, in the past year.

The data also uncovers a rise in the number of companies inserting contract clauses in order to deal with suppliers and cyber risk. Nearly half (44%) stated they conducted due diligence before signing contracts, up from only 7% in 2014. Meanwhile 48% said they included clauses in their contracts covering cyber risk, up from 33% last time.

Avatar photo

Ben Rossi

Ben was Vitesse Media's editorial director, leading content creation and editorial strategy across all Vitesse products, including its market-leading B2B and consumer magazines, websites, research and...

Related Topics

Cyber Risk
Data

Related Stories

Cybersecurity

How AI will shift the security landscape in 2024

The impact of AI within cybersecurity is expected to grow significantly this year, says Alex Holland, senior malware analyst at HP

AI & Machine Learning

NCSC releases guidelines for secure AI development

New guidance from the National Cyber Security Centre (NCSC) aims to help businesses securely innovate with AI and minimise risks

Cybersecurity

3 cybersecurity compliance challenges and how to address them

Earning those trust seals can strengthen relationships with board members and prospective customers, but it sure isn’t easy.

Cybersecurity

70% of UK firms reported cyber insurance changes in past year

According to research from Databarracks, seven in 10 UK businesses have seen changes to their cyber insurance in the past 12 months, as requirements rise