Less than a fifth of FTSE 350 companies understand impact of cyber threats

Maria Nikolova

The Government’s Cyber Governance Health Check shows that 16% of FTSE 350 boards have a comprehensive understanding of the impact of loss or disruption associated with cyber threats.

How secure is your brokerage against cyber attacks?

The UK Government has earlier today published the latest FTSE 350 Cyber Governance Health Check report, indicating that UK Boards of biggest firms must do more to be cyber aware.

The 2018 Health Check concludes that boards are making progress in acknowledging, understanding and responding to cyber threats, with a positive trend towards improved governance throughout the areas covered by the Health Check. However, there remains room for improvement, particularly in assessing and dealing with risks in the supply chain, and testing incident response plans to ensure they are and continue to be fit for purpose.

The 2018 Health Check shows acknowledgement of cyber threats has increased substantially in 2018, and an increasing majority of businesses now recognise cyber security as a strategic risk management issue. Almost three quarters (72%) of respondents to the latest Health Check report that the board considers the risk of cyber threats to be high or very high in comparison to all risks that the business faces. This compares to just 54% of boards in 2017.

However, only a minority of businesses (16%) report that their board has a comprehensive understanding of the impact of loss or disruption associated with cyber threats on the types of impact tested in the 2018 Health Check, i.e. customers, share price and reputation.

The General Data Protection Regulation (GDPR) has contributed to a greater level of board engagement in cyber security issues.

GDPR appears at least partly responsible for the increased attention boards are giving to cyber threats. Out of all respondents, 77% reported that board discussion and management of cyber security had increased since GDPR, with more than half of these businesses also introducing increased security measures as a result.

The proportion of businesses that have a cyber incident plan has increased from an already high level (90%) in 2017 to 95% in 2018. However, this still suggests as many as 1 in 20 businesses may not have a cyber indent plan. Furthermore, many businesses may not know whether their plans are fit for purpose, with only just over half of businesses (57%) testing their crisis incident response plans on a set regular basis and only one quarter of businesses using external audits to obtain assurance that their incident plans are fit for purpose. Additionally, 1 in 5 boards have undertaken a crisis simulation on cyber risk in the last 12 months.

Meanwhile, more work is being done to improve the cyber resilience of business, and a new project has been announced that will help companies understand their level of resilience. The cyber resilience metrics will be based on a set of risk-based principles to allow firms to measure and benchmark the extent to which they are managing their cyber risk profile effectively.

Once developed these indicators will provide board members with information to understand where further action and investment is needed.

Speaking of cyber security, let’s note research from City-headquartered law firm RPC has shown that the number of data breaches reported by UK financial services firms to the Financial Conduct Authority (FCA) increased 480% in 2018, reaching 145.

This number compares to just 25 such reports in 2017, RPC notes. Across segments, the retail banking sector registered the largest percentage increase in the number of data breach reports, rising to 25 in 2018 from only one in 2017. RPC says that wholesale financial markets firms, such as investment banks, reported the most data breaches to the FCA in 2018, reporting 34 times, up from just three in 2017.

Other sectors within financial services that saw large increases in data breach reports include:

  • Insurers – 33 in 2018, up from seven in 2017;
  • Consumer retail lending – 21 in 2018, up from four in 2017;
  • Retail investments – 11 in 2018, up from none in 2017.

Read this next

Digital Assets

Kraken exits Middle East, closes UAE office

Digital currency exchange Kraken will close down its operations in Abu Dhabi, UAE and lay off the majority of its team focused on the Middle East and North Africa.

Industry News

CFTC comments on ION Cleared Derivatives issues after Russian-linked hack

“The ongoing issue is impacting some clearing members’ ability to provide the CFTC with timely and accurate data. As this incident unfolded, it became clear that the submission of data that is required by registrants will be delayed until the trading issues are resolved.”

Industry News

FCA took down 14 times more misleading ads in 2022 thanks to technology

The FCA has made significant improvements to the digital tools it uses to find problem firms and misleading adverts. These improvements have enabled it to work through a much larger number of cases compared with 2021.

Executive Moves

HKEX appoints ex-Goldman Sachs Matthew Cheong to lead platform’s focus on derivatives

“He has worked for a number of the world’s leading investment banks and his experience will be invaluable to HKEX as we continue to enhance our derivatives product offerings and build on our innovative and robust platform business, connecting capital with opportunities.”

Digital Assets

Zodia Custody and SBI Digital Asset Holdings launch JV for crypto asset custodian in Japan

“Zodia Custody is both proud and excited to be working with SBI DAH to help set up SBI Zodia Custody; the first tier 1 crypto asset custodian for institutions in Japan.”

Digital Assets

Paxos opens R&D center in Israel to focus on transaction signing and crypto custody security

“Paxos is looking to expand its team in Israel in 2023 and beyond, giving engineers the opportunity to work on cutting-edge financial products and shape the future of the global economy.”

Executive Moves

Stash appoints Liza Landsman as CEO to further grow investing app

Stash is an investing and banking app with over 2 million active subscribers. Its subscription plans start at just $3 a month, and offer a range of products including investing, banking, education, and advice.

Institutional FX

Invast Global ramps up its offering with 10 soft commodity CFDs

Sydney-based prime-of-prime provider Invast Global has expanded its offering with the addition of ten soft commodity CFDs, which increases their index and commodity CFD offering to 35 instruments.

Retail FX

FF Simple and Smart Trades says Goodbye to CySEC authorization

The Cyprus Securities and Exchange Commission (CySEC) confirmed that it has wholly withdrawn the Cyprus Investment Firm (CIF) licenses of FF Simple and Smart Trades Investment Services Ltd.