British business still underprepared for cyber-attacks

The preparedness of British businesses when it comes to the threat of cyber-attacks came under the spotlight on Monday, with a new government report suggesting two-thirds of bosses at the country’s largest businesses are not even trained to deal with such a breach.

One in ten FTSE 350 firms currently operate without a response plan for a cyber incident, the report claimed, adding that just six per cent of businesses were “completely prepared” for upcoming data protection rules, according to the FTSE 350 Cyber Governance Health Check for 2017.

“We have world leading businesses and a thriving charity sector but recent cyber-attacks have shown the devastating effects of not getting our approach to cyber security right,” commented digital minister Matt Hancock.

“These new reports show we have a long way to go until all our organisations are adopting best practice and I urge all senior executives to work with the National Cyber Security Centre and take up the Government’s advice and training.”

The report also showed two thirds of the boards of Britain’s 350 biggest companies had not received any training to deal with a cyber incident, even though more than half of them said cyber threats were a “top risk” to their business.

There had been some progress since last year’s report, with 53% of company boards now setting out their approach to cyber risks, compared to 33% a year ago, while more than half of businesses now said to have a “clear understanding” of the impact of a cyber-attack.

Separate research, also out on Monday, also showed that charities were just as susceptible to attacks are businesses.

“Charities must do better to protect the sensitive data they hold and I encourage them to access a tailored programme of support we are developing alongside the Charity Commission and the National Cyber Security Centre,” Matt Hancock added.

The research also found that those in charge of cyber security, particularly those in smaller charities, were often not proactively seeking information, and were relying on outsourced IT providers to deal with threats.

“Charities have lots of competing priorities but the potential damage of a cyber-attack is too serious to ignore,” said Charity Commission for England and Wales chief executive Helen Stephenson.

“It can result in the loss of funds or sensitive data, affect a charity’s ability to help those in need, and damage its precious reputation.

“Charities need to do more to educate their staff about this threat and ensure they dedicate enough time and resources to improving cyber security.”