The 2018 Cyber Governance Health Check examines the UK’s FTSE 350 companies’ understanding of, and approach to, cyber security. Winning Movers administered the health check – a non-technical governance questionnaire. This assessed the extent to which boards and audit committees of FTSE 350 businesses understood and oversaw the risk management measures addressing cyber security threats to their business.
The health check shows that less than one fifth (16%) of boards have a comprehensive understanding of the impact of loss or disruption associated with cyber threats. While almost all (96%) have a cyber security strategy in place, less than half (46%) have a budget for their strategy. The health check shows that these companies have an increasing understanding of cyber security threats, while board-level understanding of business-critical information, data assets and systems also continues to increase. Boards with a more comprehensive understanding of cyber threats and their potential impacts have more extensive cyber governance practices. Although boards understood the cyber threats to their own enterprise, more than three-quarters (77%) of boards didn’t understand the risk to the supply chain that they had no direct contact with.
The health check shows that while understanding of cyber threats has increased, the degree to which FTSE 350 companies fund and carry out measures to address them lags behind. The health check also offers advice to help companies gain a better understanding of the threats that can impact them. The confidence that companies have in advice and information from the government remains strong and shows the importance of cyber security strategy on a national basis, as well as an individual company basis.
Our full, published report is available to view and download below: