Cybersecurity is now recognised as a critical issue by most FTSE 350 board members. Yet, this awareness has not translated into adequate training for cyber incident response.
Research reveals a troubling gap: while boards acknowledge cyber risks, many still lack formal training plans. This dichotomy raises concerns about preparedness.
Recent research underscores a crucial dichotomy in FTSE 350 companies: rising recognition of cyber risks versus inadequate training for board members. Despite 54% of businesses identifying cyber risk as a top threat, over two-thirds lack proper training. This gap poses significant challenges in effectively managing potential cyber incidents.
Boards are reportedly more engaged in discussions about cyber risk tolerance than ever, with a majority having clearly defined protocols. However, this progress is undermined by a lack of practical training in handling real-world cyber threats: a remarkable 68% of executives have not received the necessary training.
With the introduction of the General Data Protection Regulation (GDPR) less than a year away, many boards remain inadequately prepared.
About 46% of FTSE 350 companies do not actively review security reports concerning customer data. This oversight could lead to significant compliance challenges in the near future.
Although 71% of companies consider themselves ‘somewhat prepared’ for GDPR, a lack of understanding of its operational requirements is evident. Many organisations have yet to familiarise themselves with the regulation’s specifics, which could result in hefty penalties.
KPMG’s Martin Tyley emphasises the need for collective responsibility among board members when it comes to cybersecurity. Cybersecurity must be integrated into every aspect of the business.
Tyley argues that robust cyber governance could make cybersecurity a mainstream business process, essential for operating in today’s digital landscape.
Training and preparation are paramount as businesses navigate the complexities of digital transformation. Without these, organisations risk exposing themselves to significant operational disruptions.
Effective training helps build resilience against cyber threats, which is imperative for maintaining a competitive advantage and protecting corporate reputation. A proactive approach to training can significantly mitigate the potential impact of cyber incidents.
Achieving cyber maturity requires a shift in mindset from reactive to proactive strategies.
A comprehensive training framework is essential for empowering board members with the necessary skills to handle complex cyber threats.
In conclusion, while awareness of cyber risks among FTSE 350 boards has increased, the lack of training remains a critical issue that needs to be addressed urgently. Prioritising comprehensive cyber governance strategies and training will strengthen resilience and ensure compliance, safeguarding the future of businesses in an increasingly digital world.