70% of UK bosses have no training to deal with cyber attacks
Britain's business leaders are woefully underprepared for breaches, report shows
Almost 70% of Britain's top business leaders have received no training in how to respond to a cyber attack, a new government report has revealed.
The figures come from the Cyber Governance Health Check, an annual report carried out by the Department for Digital, Culture, Media and Sport (DCMS) to assess the level of cyber security within FTSE 350 companies.
The results showed that out of Britain's top 350 businesses, 10% operate with no cyber incident response plan whatsoever, while two-thirds of boards are not kept updated with cyber security risk information. This is despite more than half of those surveyed identifying cyber security as a top business risk.
"We have world-leading businesses and a thriving charity sector but recent cyber attacks have shown the devastating effects of not getting our approach to cyber security right," said minister for digital Matt Hancock.
"These new reports show we have a long way to go until all our organisations are adopting best practice and I urge all senior executives to work with the National Cyber Security Centre and take up the Government's advice and training."
Board-level awareness of the importance of cyber security has risen by almost 10% compared to last year's report, but experts have warned that without the confidence to get hands-on in the aftermath of a breach, board members may be putting their businesses at risk.
"While cyber security has cemented itself onto the board's agenda, they often lack the training to deal with incidents. This is hugely important as knowing how to deal confidently with an incident in the heat of the moment can save time and money," said KPMG's UK head of cyber security, Paul Taylor. "The aftermath of a cyber-attack, without the appropriate training in managing the issue, can result in reputational damage, litigation and blunt competitive edge."