U.K. Companies Lack Board-Level Digital Defenses
Only 5 percent of large U.K. companies say their boards include directors with expertise in information technology or cyber security, even though the vast majority identify hacking and other digital threats as serious risks, a report showed.
Accoding to Bloomberg, in the event of a cyber attack, more than half of companies in the FTSE 100 stock index cited contingency, crisis management, or disaster-recovery plans in their annual reports, according to the survey, published by consulting firm Deloitte. Yet many companies lack board-level skills to deal with such crises or are paying insufficient attention to the risks.
“With the pervasive nature of technology and the focus on cyber risk it is alarming that only one in 20 boards disclose that they currently have board members with specialist technology or cyber background,” said Phill Everson, head of cyber risk services at Deloitte. Their analysis of U.K. companies’ disclosure on digital security follows high-profile data breaches at companies ranging from Sony to Yahoo, as well as the Democratic Party in the U.S.
Eighty-seven percent of FTSE 100 companies identified cyber attacks as a “principal” risk, Deloitte said. More than half of companies disclosed business disruption and reputational damage as potential risks from security breakdowns. Deloitte says the most common cause of company data breaches are a firm’s own employees.