

Board communication within FTSE 350 remains biggest hurdle to cyber risk awareness

     
  1. 74 percent of companies thought that their Boards were taking cyber security very seriously
  2. 61 percent of Board members believe they have an acceptable understanding of their company’s key information and data assets
  3. Yet 65 percent said they rarely or never regularly reviewed the risk management around valuable company information and data assets
  4. A quarter of respondents said they never receive regular high level intelligence from company CIOs or Heads of Security on the types of online threats their businesses may face.

 Lack of communication between Boards and management tiers in FTSE 350 companies, and a growing reliance on legal remedies mean UK companies still have a long way to go to proactively manage the risks of a cyber attack. In a survey carried out by KPMG as part of the Government’s Cyber Governance Health Check, 74 percent of companies thought that their Boards were taking cyber security very seriously, yet on a number of important measures the results proved otherwise.
 
 For example, 61 percent of Board members believe they have an acceptable understanding of their company’s key information and data assets, and a further 55 percent said they understood the potential impact of losing any of it. However, when pressed further only 24 percent said they regularly reviewed the risk management around valuable company information and data assets. Surprisingly, 65 percent said they rarely or never did so. A quarter of respondents said they never receive regular high level intelligence from company CIOs or Heads of Security on the types of online threats their businesses may face.
 
 Indeed, as a group, the FTSE 350 were lacking in direction about who should ultimately be responsible for cyber security. Despite focusing on the importance of getting cyber security right, only 16 percent said responsibility should lie with Chief Executive Officers and 31 percent said Chief Financial Officers. Only 15 percent believed that the responsibility sat with the Chief Information Officer.
 
 Malcolm Marshall, global leader of KPMG’s cyber security practice, says:
 “Cyber security may be moving up the Board agenda but clear communication between Boards and management remains patchy at best. Regular Board engagement on this issue is critical to ensuring companies remain alert to this growing threat.
 
 “Alarmingly, just 39 percent of Board members saw cyber risk as an operational risk when comparing it to other threats their companies face. This is a clear indication that Boards have some way to go to understanding the consequences that a cyber-attack can have on the brand and bottom-line.”
 
 One particular trend revealed by the numbers was a major jump in the proportion of companies conducting third party pre-contract due diligence in the past year. The data also uncovers a rise in the number of companies inserting contract clauses in order to deal with suppliers and cyber risk. Nearly half (44 percent) stated they conducted due diligence before signing contracts, up from only 7 percent in 2014. Meanwhile, 48 percent said they included clauses in their contracts covering cyber risk, up from 33 percent last time.
 
 Marshall said: “It’s fantastic to see such a huge jump in the number of companies pushing suppliers to review their cyber security as, with each link in the supply chain being tightened, the chances of a breach diminish. It’s also clear that steps can be taken in a short space of time if organisations work together, giving real genuine hope of progress for companies of all sizes. However, focusing on contractual obligations alone isn’t enough. Board members need to take collective responsibility for cyber security and consider it in every aspect of the business. If they can do that, the baby steps made to date will turn into huge strides on the path towards great cyber security.”
 
  
