The government has issued three new documents advising senior business executive on defending their organisation from cyber attack.
"Currently, too few company chief executives and chairs take a direct interest in protecting their businesses from cyber threats," a joint press release from GCHQ and the Department of Business, Innovation and Skills claims.
The guidance consists of three documents. The first, aimed at senior executives and outlines board responsibilities, argues that protecting key information assets is of critical importance to the sustainability and competitiveness to businesses.
The second part, a 10-step guide to cyber security for executives, says that 80% of a company’s known cyber attacks could be defeated by embedding basic information security practices. In addition, it offers guidance on risk management, making networks more resilient and protecting key information assets against cyber threats.
The third product goes into greater detail on how to reduce cyber risk in 10 critical areas, including incident management, malware prevention, user priviledges, home and mobile working, and user education awareness.
The guide was launched this week at an event attended by FTSE 100 CEOs and chairs, ministers from Department for Business, Innovation and Skills (BIS), Foreign Office, Cabinet Office and senior figures from intelligence agencies. It follows the coalition’s primary objective in its cyber security strategy to tackle cyber crime and make the UK one of the most secure places in the world to do business online.
“Cyber security threats pose a real and significant risk to UK business by targeting valuable assets such as data and intellectual property. By properly protecting themselves against attacks companies are protecting their bottom line,” said business secretary Vince Cable.
“Ensuring this happens should be the responsibility of any chief executive or chair as part of an approach to good corporate governance which secures a business for the long-term,” he said.
In July, the UK Intelligence and Security committee said the UK should engage in taking a more aggressive stance towards cyber attacks.
"While attacks in cyberspace represent a significant threat to the UK… there are also significant opportunities for our intelligence and security agencies and military which should be exploited in the interests of national security," it said in its annual report.