Late last week the Department for Business Innovation and Skills (BIS) published a report detailing the results of its most recent FTSE350 cyber-security survey.
Responses were down across key sectors, most notably within the financial services sector, which came out on top for 'maturity' on cyber-security issues in the previous survey, published 2 years ago. The report speculates that the decline in responses might be attributed to 'more prioritised and specific cyber security activity following the 2013 Health Check'.
Despite the disparity in response rates compared to the last survey, the financial services sector generally fared better than others in its collective cyber security awareness and approach. The results showed that:
- 55% of financial services boards have a clear understanding of the impact of cyber security breaches on key information and data assets.
- 55% of boards were reported to base cyber risk discussion on up-to-date management information, with financial services boards better informed than most in this regard.
- The financial services sector was amongst those attaching greatest priority and importance to cyber security.
- The financial services sector was split in its assessment of the level of cyber risk, with 40% declaring it a high risk, 15% a medium risk and 45% a low risk.
- The financial services sector fared well in relation to board training, with 60% of members having received some form of cyber security training.
The UK Government hopes that the report will facilitate a better understanding across organisations of all shapes and sizes of the risks inherent in cyberspace. With major incidents becoming increasingly commonplace in a range of industries (Sony's woes being the most recent example), it is no surprise that cyber security has been such a critical issue on board agendas of late.
The commonly held view is that such risks are only likely to broaden as organisations digitise more and more aspects of their operations. The UK Government will be hoping its survey suitably highlights areas for improvement in cyber security practices, and effectively warns of the consequences of cyber security complacency.