UK firms 'need cyber security'
28 November 2013
Posted by Samuel Couratin
The top businesses in the UK are not doing enough to protect themselves from cyber security.
This is according to the Department for Business, Innovation & Skills (BIS), along with the Home Office, after a recent survey of the FTSE 350 showed just 14 per cent had taken such risks into consideration, while a large number are not receiving any intelligence about the area.
Some 62 per cent of audit committees believe board members at their company take the threat posed by online criminals seriously, while 60 per cent know what their key data assets are.
The cyber governance health check by BIS showed a quarter (25 per cent) of companies considered digital risk a top priority and 56 per cent have registered the threat. A smaller group of 17 per cent, however, found the current levels of danger to be acceptable.
Commenting on BIS's findings, PwC's cyber security partner Richard Home said: "Given the dynamic nature of the risk, boards need to be reviewing threats and vulnerabilities on a regular basis. They also need to develop the skills and capability to understand how the risk could impact their organisation and what strategic response is required."
Science minister David Willetts added: "The cyber crime threat facing UK companies is increasing. Many are already taking this extremely seriously, but more still needs to be done."
As a result, the government is working with members of the industry to create a 'cyber standard' as part of its £860 million National Cyber Security Programme.
KPMG, which expressed similar views to PwC, also praised the government's efforts to encourage greater awareness and action.
Earlier this year, the firm published its own Cyber Vulnerability Index, which found members of the FTSE 350 were still leaving e-mail addresses, usernames and sensitive data online, where it is vulnerable to information thieves and other hackers.
Additionally, it discovered 20 per cent of large businesses detected a successful, external penetration of their network within the last year, while only 21 per cent of audit committees are happy with the level of security specific information they are currently receiving.