Less than a fifth of FTSE 350 companies understand impact of cyber threats

Maria Nikolova

The Government’s Cyber Governance Health Check shows that 16% of FTSE 350 boards have a comprehensive understanding of the impact of loss or disruption associated with cyber threats.

How secure is your brokerage against cyber attacks?

The UK Government has earlier today published the latest FTSE 350 Cyber Governance Health Check report, indicating that UK Boards of biggest firms must do more to be cyber aware.

The 2018 Health Check concludes that boards are making progress in acknowledging, understanding and responding to cyber threats, with a positive trend towards improved governance throughout the areas covered by the Health Check. However, there remains room for improvement, particularly in assessing and dealing with risks in the supply chain, and testing incident response plans to ensure they are and continue to be fit for purpose.

The 2018 Health Check shows acknowledgement of cyber threats has increased substantially in 2018, and an increasing majority of businesses now recognise cyber security as a strategic risk management issue. Almost three quarters (72%) of respondents to the latest Health Check report that the board considers the risk of cyber threats to be high or very high in comparison to all risks that the business faces. This compares to just 54% of boards in 2017.

However, only a minority of businesses (16%) report that their board has a comprehensive understanding of the impact of loss or disruption associated with cyber threats on the types of impact tested in the 2018 Health Check, i.e. customers, share price and reputation.

The General Data Protection Regulation (GDPR) has contributed to a greater level of board engagement in cyber security issues.

GDPR appears at least partly responsible for the increased attention boards are giving to cyber threats. Out of all respondents, 77% reported that board discussion and management of cyber security had increased since GDPR, with more than half of these businesses also introducing increased security measures as a result.

The proportion of businesses that have a cyber incident plan has increased from an already high level (90%) in 2017 to 95% in 2018. However, this still suggests as many as 1 in 20 businesses may not have a cyber indent plan. Furthermore, many businesses may not know whether their plans are fit for purpose, with only just over half of businesses (57%) testing their crisis incident response plans on a set regular basis and only one quarter of businesses using external audits to obtain assurance that their incident plans are fit for purpose. Additionally, 1 in 5 boards have undertaken a crisis simulation on cyber risk in the last 12 months.

Meanwhile, more work is being done to improve the cyber resilience of business, and a new project has been announced that will help companies understand their level of resilience. The cyber resilience metrics will be based on a set of risk-based principles to allow firms to measure and benchmark the extent to which they are managing their cyber risk profile effectively.

Once developed these indicators will provide board members with information to understand where further action and investment is needed.

Speaking of cyber security, let’s note research from City-headquartered law firm RPC has shown that the number of data breaches reported by UK financial services firms to the Financial Conduct Authority (FCA) increased 480% in 2018, reaching 145.

This number compares to just 25 such reports in 2017, RPC notes. Across segments, the retail banking sector registered the largest percentage increase in the number of data breach reports, rising to 25 in 2018 from only one in 2017. RPC says that wholesale financial markets firms, such as investment banks, reported the most data breaches to the FCA in 2018, reporting 34 times, up from just three in 2017.

Other sectors within financial services that saw large increases in data breach reports include:

  • Insurers – 33 in 2018, up from seven in 2017;
  • Consumer retail lending – 21 in 2018, up from four in 2017;
  • Retail investments – 11 in 2018, up from none in 2017.
  • Read this next

    Digital Assets

    Hong Kong ends license applications for crypto exchanges

    Hong Kong has officially ceased accepting license applications from cryptocurrency exchanges as of February 29, signaling a stringent regulatory shift.


    Volt secures EMI license, expands payment solutions in UK

    Volt has successfully obtained an Electronic Money Institution (EMI) license from the UK’s Financial Conduct Authority (FCA).

    Retail FX

    ASIC bankrupts finfluencer Tyson Scholz over stock tips

    The Australian Securities and Investments Commission (ASIC) has effectively bankrupted Tyson Robert Scholz, the figure behind “Black Wolf Pit.” The action marks a significant crackdown on so-called ‘finfluencers’ and individuals providing unlicensed financial services.

    Digital Assets

    Green Bitcoin Presale Raises $1M as Bitcoin Approaches its ATH

    The eco-friendly crypto project Green Bitcoin has seen its limited-time presale phase cross $1 million in funding. With an innovative gamified staking model and energy-efficient foundation, Green Bitcoin offers token holders a way to stake their tokens and generate yield.


    Introducing QuickNode Streams: Elevating Blockchain Data Management

    Discover QuickNode’s Latest Innovation: Streamlining Blockchain Data Streaming for Enhanced Efficiency and Accessibility. Explore the Future of Blockchain Technology with Streams.

    Industry News

    John Oliver rips into MetaTrader over role in ‘Pig Butchering’ scams

    “If your friend told you to download an app, and you saw it in the app store with good reviews, you might assume everything on it was legitimate. In before, you saw MetaTrader’s logo which looks like three men in suits jerking each other off under a table – an appropriate metaphor for cryptocurrency if I have ever seen one,” Oliver quipped.

    Digital Assets

    Coinbase supports Nethermind and Erigon to ease Geth dependency

    Coinbase plans to support additional execution clients as America’s largest crypto platform aims to improve the Ethereum blockchain’s resilience and mitigate the risks associated with the network’s heavy reliance on a single client.


    How AI Transforms Trading: Current Trends and Perspectives

    In 2023, we observed a boom of news about Artificial Intelligence (AI) in every field, whether finance, tech or medicine. In 2024 and later, AI will take an even more significant place.

    Industry News, Uncategorized

    FCA wants to tackle lack of competition in wholesale data market

    “Complex licensing practices by MDVs and trade data providers who deliver their data through MDVs increase costs for data users. Many Market Data Vendor (MDV) users have to hold licences both from the data generator (such as a trading venue) and from the MDV through which they access data. We have seen an increasing proliferation of licences for similar data types and different use cases. Complexity also drives additional costs for data users, such as operating a compliance team.”