According to a survey from the government, more than two thirds (68%) of companies say that their directors have had no training on how to handle a hacking at their business. The FTSE 350 Cyber Governance Health Check is the government’s annual report into how the UK’s biggest companies deal with cyber-security issues.
The survey discovered that 54% of company boards named hacking as one of the major threats that face them in business. However, 10% said they currently have no plan to deal with a potential hacking.
Matthew Hancock, Digital Minister highlighted the example of the NHS attack earlier this year and the “devastating effect” of cyber-attacks. “We have a long way to go until all our organisations are adopting best practice.”
His advice was to take training and advice from the National Cyber Security Centre. “These new reports show we have a long way to go until all our organisations are adopting best practice and I urge all senior executives to work with the National Cyber Security Centre and take up the Government’s advice and training.”
Slow progress
While the results of the survey are worrying, it did show that there’s progress being made. First of all, companies are realising the extent of a cyber-attack’s effect on a business. 57% of businesses said they now have a clear understanding of what a cyber-attack would mean for them. This is an increase from 49% previously.
53% also said that they are now setting out their approach for cyber-risks and damage control, up from 33% previously recorded.
31% of boards are now receiving comprehensive information about cyber-security risks. This is up from 21% in 2015-16, so companies are moving in the right direction.
Alex Dewdney, Director for Engagement at the National Cyber Security Centre said: “The NCSC is committed to making the UK the safest place in the world to live and do business online.
“We know that we can’t do this alone – everyone has a part to play. That’s why we’re committed to providing organisations with expert advice through our website and direct engagement. We also urge organisations to follow the guidance in the Government’s Cyber Essentials Scheme.”
Are you prepared for a potential cyber threat? Would you consider formal training for yourself and your employees? Let us know your thoughts.
