Almost 70 per cent of Boards at FTSE 350 firms are unprepared for cyber incidents, with no training on the subject - and 10 per cent have no plans in place to respond to one.
The figure is especially surprising considering other findings of the Cyber Governance Health Check: namely, that 54 per cent of Boards consider cyber as a top risk, and 57 per cent have 'a clear understanding' of the potential impact of a cyber incident.
Jon Geater, CTO of Thales e-Security, said, "The results of this latest government survey are not altogether surprising but they are rather concerning given the recent proliferation of data breaches and cyberattacks... Awareness among executives is now absolutely critical in today's digital age. While educating and upskilling every executive would be a Sisyphean task, every business needs C-Level functional leaders to take responsibility for keeping the business running in these difficult circumstances."
On a positive note, a third of respondents said that they regularly made investments based on their cyber security, up from just eight per cent in 2014; and, for the first time, more Boards (50 per cent) said that they review and challenge reports on the security of their customer data than those who do not (46 per cent). This data is a valuable target for hackers, and its management will be crucial for GDPR compliance.
"In order for companies to prevent the sensitive data from falling into the hands of a malicious hacker, and becoming tomorrow's headlines, boardrooms need to ensure that cyber and data security feature prominently on their day-to-day agendas," said Geater.
Digital Minister Matthew Hancock told the BBC, "We have a long way to go until all our organisations are adopting best practice."
Central Bank of India forced to make banks take basic security more seriously
Qualcomm planning to use TSMC's 7nm process to make fast and power-efficient rival to Intel
Voice assistants in smart homes will reach 275 million in five years' time, and Amazon is in pole position
Kicking Palantir off of AWS is among their demands, too