Company directors sidestep cyber security
by Gill Montia
“Although there is growing awareness of the threats and risks in cyberspace, there is still limited understanding of the nuances of the debate.”
According to new research from Chatham House, the directors of one large insurance company admitted they had no idea how they should manage or mitigate a cyber attack and had even less understanding of how their business partners are addressing cyber security issues.
Within the financial sector, only one example was found of a state-of-the-art cyber security messaging strategy, and the think tank notes that such strengths seemed to be “heavily dependent upon the innovation and energy of the managers who introduced and oversaw their development”.
Chatham House suggests that cyber security is a risk-management issue that should now fall in the top three board-level concerns, with policy coming under the umbrella of traditional security arrangements and directors involved in scenario-based training for cyber attacks.
The report sums up: “Many of the organisations surveyed in the course of this project have developed an attitude to cyber security that is fundamentally contradictory.
“In most cases, they declared themselves to be aware of cyber security threats. Yet … were willing, for a variety of resource and other reasons, to accept an unexpectedly high level of risk in this area.
“In several cases it was even decided that cyber risk should be managed at arm’s length from the executive authority and responsibility of the board and senior management.”
Recent government research estimates that cyber crime costs UK business £21 billion per annum, with cyber criminals currently targeting financial services, support services, the construction and materials industry and the not-for-profit sector.
Theft (or loss) of consumer data costs firms an estimated £1 billion per annum.