Almost 70 per cent of Boards at FTSE 350 firms are unprepared for cyber incidents, with no training on the subject - and 10 per cent have no plans in place to respond to one.
The figure is especially surprising considering other findings of the Cyber Governance Health Check: namely, that 54 per cent of Boards consider cyber as a top risk, and 57 per cent have 'a clear understanding' of the potential impact of a cyber incident.
Jon Geater, CTO of Thales e-Security, said, "The results of this latest government survey are not altogether surprising but they are rather concerning given the recent proliferation of data breaches and cyberattacks... Awareness among executives is now absolutely critical in today's digital age. While educating and upskilling every executive would be a Sisyphean task, every business needs C-Level functional leaders to take responsibility for keeping the business running in these difficult circumstances."
On a positive note, a third of respondents said that they regularly made investments based on their cyber security, up from just eight per cent in 2014; and, for the first time, more Boards (50 per cent) said that they review and challenge reports on the security of their customer data than those who do not (46 per cent). This data is a valuable target for hackers, and its management will be crucial for GDPR compliance.
"In order for companies to prevent the sensitive data from falling into the hands of a malicious hacker, and becoming tomorrow's headlines, boardrooms need to ensure that cyber and data security feature prominently on their day-to-day agendas," said Geater.
Digital Minister Matthew Hancock told the BBC, "We have a long way to go until all our organisations are adopting best practice."
And, yep, it'll run Android rather than RiscOS
US engineering giant's cost-cutting outsourcing plan is on the rocks, according to insiders
HP Envy X2 laptop only affordable if you've got loadsamoney
Counterfeit code-signing certificates enabling hackers to hide malware being sold by cyber criminals
Certificates can be used as part of layered obfuscation to evade detection by anti-virus software