Boards taking steps to bolster cyber security as cyber risk increases

London, 9 March 2017 – A poll out today from ICSA: The Governance Institute and recruitment specialist The Core Partnership finds that almost 60% of organisations polled have faced increased exposure to cyber risk in the past 12 months, with 77% of boards now regarding it as a board issue.

‘Cyber crime is one of the fastest growing crimes in the UK,” says Peter Swabey, Policy and Research Director at ICSA: The Governance Institute, ‘and it is imperative that boards pay cyber risk adequate attention. ‘It is reassuring to see that 72% of the organisations that responded to our poll do, but it is worrying that 14% do not. It is also of concern that 16.5% of organisations polled feel that their board regards cyber risk as purely a problem for IT.’  

Although cyber risk is principally dealt with by the Audit Committee in some organisations, respondents disclosed that it is increasingly on board members’ radar. Some of the ways in which boards are getting to grips with cyber risk is through training sessions on cyber security, and through regular updates.

Considered by some organisations to be one of their highest rated enterprise risks, there is increased vigilance and strategic planning with companies taking various steps to mitigate the risk, such as:

  • Regular testing, awareness and security and ‘in case all else fails’ insurance
  • Risk management plans
  • Encryption of key personal data
  • Increased use of software and tightening of parameters of monitoring software used
  • Employee briefings to raise staff awareness.

Questioned about what further support the government or the various regulators could give to companies to help deal with cyber risk, responses were varied, with some considering that it is not necessarily a government or regulatory responsibility beyond raising awareness and providing information about cyber crime. Others felt that the cyber police force should be increased, that criminal law could be tightened to make it a more serious crime and that there should be increased intelligence and pressure on foreign governments.

‘One potential area of concern flagged up was the opinion that NHS trusts might be over reliant on central NHS systems and controls. I would advise all organisations, whatever the sector, to regularly review their systems and controls. Organisations might like to consider inviting experts in to breach their systems as this highlights any weaknesses and allows organisations to step up security as necessary. Also, staff training is essential. Cyber risk is a company-wide risk, not just an IT one and the weakest point is usually one individual,’ concludes Peter.

- Ends -

 For further information, please contact Maria Brookes, Media Relations Manager:

 mbrookes@icsa.org.uk

+44 (0)20 7612 7072

+44 (0)7890 649 143 

Notes to Editors:

  1. ICSA: The Governance Institute is the professional body for governance. We have members in all sectors and are required by our Royal Charter to lead ‘effective governance and efficient administration of commerce, industry and public affairs’. With over 125 years’ experience, we work with regulators and policy makers to champion high standards of governance and provide qualifications, training and guidance.
    Website: www.icsa.org.uk
  2. The Core Partnership is a niche market recruitment consultancy working with Company Secretaries and their teams to advise on and resource their specialist interim and permanent manpower needs. With relevant professional backgrounds spanning back to the 1980s, The Core Partnership has a wealth of knowledge of the development and dimensions of the role of the Company Secretary. The team provides market advice on relevant qualifications and experience, conducts salary and benchmarking exercises and works throughout the UK and overseas recruiting at all levels to this specific discipline.
    Website: www.core-partnership.co.uk  

Search ICSA