24 Aug'17

Nearly 70% of company bosses have no cyber security training


The Report published an article detailing HBO’s experience of multiple attacks from hackers over the last couple of weeks.


The Cyber Governance Health Check 2017 assessed 350 FTSE companies to gain insight into businesses’ understanding and management of cyber-attacks. The Health Check revealed that 68 per cent of company directors had not received any training on how to deal with cyber incidents, and that 10 per cent of company boards do not have a plan in place in case of a cyber-attack.


These statistics highlight how many senior employees lack knowledge of how to act against potential cyber-attacks. Corporations have a responsibility to change this, as their technology stores sensitive information, customer data, and private accounts, which may have a detrimental impact if released into the public domain.


The Health Check did also reveal some positive statistics. For example, 57% of Boards have a clear understanding of the potential impacts resulting from a loss of, or disruption to, key information or data assets. This has increased from 49% in the 2015/16 report.


Positive statistics, similar to the one cited above, demonstrate that companies’ understanding of cyber risk is increasing. However, the Health Check reveals that companies need to do more to manage and minimise their cyber risk.


It is important to note that company directors did not go through any self-assessment for the Health Check to objectively examine the degree of their cyber security knowledge. Instead, company directors were asked questions such as, ‘To what extent has your Board explicitly set its appetite for cyber risk, both for existing business and for new digital innovations?’ and given a choice of five options from ‘Not really’ to ‘Clearly set and understood’. In turn, this makes it easy for company directors to portray their knowledge of cyber risk inaccurately.


Despite this, the Health Check does still emphasise the need for company directors to be trained in cyber security.