The Government’s latest Cyber Governance Health Check Report, published July 2017, details the responses of a FTSE 350 survey (105 respondents), highlighting that ‘there is a growing understanding of how businesses could be impacted by a cyber incident that affects their key assets.’
The report also highlighted that cyber risk is ‘seen as a top priority for Boards’ among the FTSE 350, with only 13% of respondents saying that cyber risk is viewed as a low or operational-level risk for their boards.
It goes on to note, though, that whilst ‘as compared with the 2015/2016 Health Check, more businesses now say that their main Board’s consideration of cyber risk is underpinned with comprehensive, generally informative management information (31%)’, boards still have some way to go, as ‘the majority of respondents continue to say the Board is only provided with some information on cyber risk (53%).’
The survey, completed primarily by a ‘Non-Executive Director and member of the main Board’ (nearly 80% of respondents), of whom most were also Chair of their organisation’s audit committee (65%), also looked into the preparedness of boards ahead of the introduction next year of the new General Data Protection Regulation (GDPR). ‘Almost three-quarters (71%) of respondents said they were somewhat prepared to meet the compliance requirements brought about by GDPR. However, only 6% reported being completely prepared to meet their compliance requirements.’