Almost 70 per cent of Boards at FTSE 350 firms are unprepared for cyber incidents, with no training on the subject - and 10 per cent have no plans in place to respond to one.
The figure is especially surprising considering other findings of the Cyber Governance Health Check: namely, that 54 per cent of Boards consider cyber as a top risk, and 57 per cent have 'a clear understanding' of the potential impact of a cyber incident.
Jon Geater, CTO of Thales e-Security, said, "The results of this latest government survey are not altogether surprising but they are rather concerning given the recent proliferation of data breaches and cyberattacks... Awareness among executives is now absolutely critical in today's digital age. While educating and upskilling every executive would be a Sisyphean task, every business needs C-Level functional leaders to take responsibility for keeping the business running in these difficult circumstances."
On a positive note, a third of respondents said that they regularly made investments based on their cyber security, up from just eight per cent in 2014; and, for the first time, more Boards (50 per cent) said that they review and challenge reports on the security of their customer data than those who do not (46 per cent). This data is a valuable target for hackers, and its management will be crucial for GDPR compliance.
"In order for companies to prevent the sensitive data from falling into the hands of a malicious hacker, and becoming tomorrow's headlines, boardrooms need to ensure that cyber and data security feature prominently on their day-to-day agendas," said Geater.
Digital Minister Matthew Hancock told the BBC, "We have a long way to go until all our organisations are adopting best practice."
A new RSA report urges coders to sign a 'Hippocratic Oath' before embarking on AI programmes.
IT security vendor believes APT33 is working for the Iranian government
Darktrace pushes machine learning to take some of the pressure off of IT and security teams
Google also gets its hands on HTC's IP in a non-exclusive deal