In March 2019, NEDonBoard joined FTSE 350 chairs, CISOs and cyber experts at the launch of this year’s FTSE 350 Cyber Governance Health Check 2018. The report, produced by the UK Government, shares the results of the 2018 FTSE 350 Cyber Governance Health Check survey, ‘a non-technical governance questionnaire which assesses the extent to which boards and audit committees of FTSE 350 businesses understand and oversee risk management measures that address cyber security threats to their businesses’.
Opening the launch event, Sir Donald Brydon CBE, Chairman of the London Stock Exchange, placed emphasis on the growing importance of cyber governance being top of the boardroom agenda.
Margot James, Minister for Digital and the Creative Industries, provided an overview of the government’s stance on cyber security and, as highlighted in the report, noted that ‘technology is a crucial and growing part of modern life and underpins our efforts in the UK to build a world-leading digital economy. We want the UK to continue being at the forefront of digital innovation and security. Protecting and strengthening the UK’s digital economy is thus at the heart of what we’re doing in Government.’
It was made clear that the Government is ‘still working through the implications of a more connected society and the necessary adjustments that we need to make’, and that, for now, there is a desire for UK business to lead the charge in addressing cyber security in preference to a more extensive regulatory approach.
UK businesses are therefore called upon to develop a positive cyber security culture, and with the FTSE 350’s influence on supply chains, they can also lead the way for smaller businesses. This is particularly important given that Margot James highlighted themes in recent cyber-attacks, which were the fault of not ‘having a comprehensive understanding of business assets across multiple locations’ and ‘not understanding the importance of the supply chain to the overall security of the business’. A chain is only as strong as its weakest link.
Compared with the findings of previous years, the report on FTSE 350 businesses provides some encouragement: cyber risk perception has increased, and more boards report a comprehensive understanding of critical information, data assets and systems, though many boards still do not. Also of note, most boards report having a cyber security strategy, though the report indicates that less than half have a dedicated budget for this; most businesses have incident response plans, yet less than two-thirds of businesses test these on a regular basis; and the majority of boards ‘do not recognise supply chain risks beyond the first tier’.