Companies exposure to cyber risk is increasing but action to prevent it is not
Almost all company boards spoken to in a recent survey think that their business's specific exposure to cyber risk is increasing, yet only a fifth have taken action to mitigate the risk.
According to the recent FT–ICSA Boardroom Bellwether report, the survey of 53 companies from 20 sectors found that almost all boards think their company's specific exposure to cyber risk is increasing – yet only 21 per cent of companies have taken action and significantly mitigated the risk.
The report claimed that only 13 per cent of boards have discussed and acted on the government's published Cyber Security Guidance, while around 75 per cent said that boards had either not discussed/nor even seen this guidance. Surprisingly, four per cent said that it was ‘not applicable to us'.
Stephen Midgley, vice president, global marketing at Absolute Software, said: “The results of the survey highlight a worrying trend in how corporations are tackling evolving security threats, in particular those in the cyber area. However, managing corporate cyber security is more than just responding to external hacking attacks.
“The survey begs the question that if a business doesn't have the infrastructure in place to combat external threats, is it in a position to ensure the security and strength of its corporate digital infrastructure?”
The survey also found that risk was the principal area of training for boards in the last 12 months. Around 93 per cent of respondents felt that board positions – both executive and non-executive – now carried a higher level of reputational risk compared with five years ago.