The Daily Swig Web security digest

Knowledge is lacking: UK’s top firms not trained to deal with cyberattacks

James Walker | 21 August 2017 at 12:00

Leading businesses and charities in Britain urged to do more to protect themselves from online threats.

Britain’s top firms and charities urgently need to do more to protect themselves from online threats, according to new government research published last week.

Undertaken in the wake of recent high-profile cyberattacks that affected public and private institutions across the country, the survey of the UK’s biggest 350 companies found more than two-thirds (68%) of management boards had not received training to deal with a cyber incident, despite more than half (54%) saying digital threats were a top risk to their business.

Ten per cent of FTSE 350 companies said they operate without a response plan for a cyber incident, and less than a third (31%) of boards receive comprehensive cyber risk information.

The UK government is currently ramping up its efforts to defend the nation against cyberthreats. Its five-year National Cyber Security Strategy (NCSS) was announced in November 2016, supported by £1.9 billion ($2.5 billion) of investment.

This includes opening the National Cyber Security Center (NCSC) and offering free online advice as well as training schemes to help businesses protect themselves.

“We have world leading businesses and a thriving charity sector, but recent cyberattacks have shown the devastating effects of not getting our approach to cyber security right,” said the Minister of State for Digital, Matt Hancock.

“These new reports show we have a long way to go until all our organizations are adopting best practice, and I urge all senior executives to work with the National Cyber Security Centre and take up the government’s advice and training.”

“Charities must do better to protect the sensitive data they hold and I encourage them to access a tailored program of support we are developing alongside the Charity Commission and the NCSC.”