FTSE 350 Cyber Governance Health Check

23 August 2017
 

Britain’s top firms and charities urgently need to do more to protect themselves from online threats, according to new Government research and a ‘cyber health check’ published in the week ending Aug 25.

New reports highlight the scale of the cyber security and data protection challenge, with:

  • One in ten FTSE 350 companies operating without a response plan for a cyber incident.
  • Only six per cent of businesses completely prepared for new data protection rules.
  • Separate new research finds charities are as susceptible to attacks as businesses.

Undertaken in the wake of recent high profile cyber attacks, the survey of the UK’s biggest 350 companies found more than two thirds of boards had not received training to deal with a cyber incident (68 per cent) despite more than half saying cyber threats were a top risk to their business (54 per cent).

One in ten FTSE 350 companies said they operate without a response plan for a cyber incident (ten per cent) and less than a third of boards receive comprehensive cyber risk information (31 per cent).

The Minister for Digital Matt Hancock said at the launch of the reports: "We have world leading businesses and a thriving charity sector but recent cyber attacks have shown the devastating effects of not getting our approach to cyber security right.

"These new reports show we have a long way to go until all our organisations are adopting best practice and I urge all senior executives to work with the National Cyber Security Centre and take up the Government’s advice and training."

 

Charities

In his half hour, Hancock also said: "Charities must do better to protect the sensitive data they hold and I encourage them to access a tailored programme of support we are developing alongside the Charity Commission and the National Cyber Security Centre."

 

Improvement on last year

There has been progress in some areas when compared with last year’s health check, with more than half of company boards now setting out their approach to cyber risks (53 per cent up from 33 per cent) and more than half of businesses having a clear understanding of the impact of a cyber attack (57 per cent up from 49 per cent).

 

Useful as a chocolate tea pot

A five-year National Cyber Security Strategy (NCSS) was announced in November 2016, supported by £1.9 billion of transformational investment. This includes opening the National Cyber Security Centre and offering free online advice as well as training schemes to help businesses protect themselves.

However, ThisWeekinFM has been through the NCSS's flagship 10 Steps to Cyber Security guide and discovered it is so basic as to be useless to major organisations with their own IT professionals. Information on the latest threats (such as during the Wannacry outbreak) was not published promptly and contained very little by way of advice other than to contact an IT professional.

The NCSS claims to have 'set out a comprehensive framework to help company boards manage cyber risks, from getting the basics right through to protecting their most critical assets'.

 

Separate new research looking at the cyber security of charities has also been published in the week ending Aug 25.

It found charities are just as susceptible to cyber attacks as businesses, with many staff not well informed about the topic and awareness and knowledge varying considerably across different charities. Other findings show those in charge of cyber security, especially in smaller charities, are often not proactively seeking information and relying on outsourced IT providers to deal with threats.

Where charities recognised the importance of cyber security, this was often due to holding personal data on donors or service users, or having trustees and staff with private sector experience of the issue. Charities also recognised that those responsible for cyber security need new skills and that general awareness among staff needs to rise.

Helen Stephenson CBE, Chief Executive at the Charity Commission for England and Wales, said: "Charities have lots of competing priorities but the potential damage of a cyber attack is too serious to ignore. It can result in the loss of funds or sensitive data, affect a charity’s ability to help those in need, and damage its precious reputation. Charities need to do more to educate their staff about this threat and ensure they dedicate enough time and resources to improving cyber security.

"We want to make sure charities are equipped to do this, and we encourage them to use the advice on our Charities Against Fraud website. We also continue to work closely with the Department for Digital, Culture, Media and Sport to help charities protect themselves online."

The FTSE 350 Cyber Governance Health Check is the Government’s annual report providing insight into how the UK’s biggest 350 companies deal with cyber security.

 

Article written by Brian Shillibeer | Published 23 August 2017
