The majority of board members at FTSE 350 companies now recognise cyber security as a key issue but this isn鈥檛 reflected in the training that management receive in dealing with cyber incidents, new research has claimed.
A survey carried out by KPMG as part of the government鈥檚 Cyber Governance Health Check has revealed that more than half (54 per cent) of businesses place cyber risk as a 鈥榯op group risk鈥 when compared with other potential threats that a company faces. This is a significant improvement from the 29 per cent who did so in 2014.
The study also shows that boards are now more likely to debate and agree their tolerance for cyber risk than in previous years 鈥 more than half have this 鈥渃learly set and understood鈥.
However, the survey found that training in how to deal with cyber security issues and threats is still lagging.
More than two thirds (68 per cent) of those surveyed have not received any training to deal with a cyber incident. More worryingly, 10 per cent of companies admitted to not having a plan in place to respond to an incident.
鈥淏oard members need to take collective responsibility for cyber security and consider it in every aspect of the business,鈥 Martin Tyley, KPMG鈥檚 head of cyber for the North, said.
鈥淚f they can do that, then perhaps cyber security will become mainstream and a vital component of doing business in our digital world.鈥
Tyley warned that the aftermath of a cyber-attack, without the appropriate training in managing the issue, can result in 鈥渞eputational damage, litigation and blunt competitive edge鈥.
The KPMG report also found that, with聽General Data Protection Regulation (GDPR) less than a year away, 46 per cent of boards still do not review and challenge reports on the security of their customer鈥檚 data. However, 71 per cent of businesses describe themselves as 鈥榮omewhat prepared鈥 to meet the requirements.
Tyley said: 鈥淚t鈥檚 worrying that with less than a year to go, many organisations still have a lot to do. GDPR will affect organisations in the UK and worldwide that have any dealings with consumers and businesses in EU member states.
“The regulation sets a new bar for customer and client privacy expectations, but the truth is that many just don鈥檛 understand what they have to do and how to deal with it.鈥