According to the Cyber Governance Health Check, top UK boards still do not understand the impact of a cyber-attack. Here is a quick guide about why this might be and steps to improve this situation.
Cyber-security is everywhere. Serviceteam IT’s 2017 and 2018 research revealed that organisations are willing to invest in and understand cyber-security. This was a main concern alongside Brexit, GDPR and a Skills Shortage. Six months later and using the Cyber Governance Health Check Report 2018, Britain’s cyber-security will be revisited.
According to the report, fewer than 1/5 of British boards can claim to understand the true loss of a cyber-security breach. Yet, 96% of business had a cyber-security strategy in place.
How do these figures add up?
This may be linked to only 57% of companies testing their cyber-security plans regularly. However, 72% of respondents acknowledged that the risk of cyber threats was high. So, there is an understanding of the extent of cyber governance problems. Yet, the issue may surround the time and willingness to check resources.
Additionally, the EU’s General Data Protection Regulation (GDPR) was implemented in May 2018. 77% of respondents commented that their management of cyber-security had increased after the introduction of the GDPR. However, this makes the findings more confusing.
How can we improve these figures?
- A potential solution for an organisation understanding the outcome of a lack of cyber-security is to include this into your business strategy.Appropriately placed staff could help communicate the information on cyber governance to the board.
- A potential problem is that cyber-security is not embedded into the culture of UK businesses. Arguably a more successful company regularly reports cyber security risks directly to the board. Guidance I have read includes that investment could be financial or educational to utilise resources. This does make sense as you could have a top-down approach to new technological advances and ensuring risks are understood.
Therefore, it is best to be on high alert and to continue to utilise resources in the most effective ways possible in the coming months. Six months post Serviceteam’s most recent report, the main conclusion is that cyber-security problems are not going away, and unfortunately neither is the need for constant planning and the implementation of robust cyber governance.
I look forward to seeing what Serviceteam’s 2019 research holds about cyber-security.