Cyber Governance Health Check report: UK firms need to do more

Cybersecurity, News

Leaders at some of the UK’s biggest companies have been told to be more aware of cyber attacks to avoid falling victim.

Despite almost all of the country’s top firms having a cyber security strategy in place, many board directors admitted that they don’t have a full understanding of the impact of loss or disruption associated with cyber threats, according to the Government’s annual Cyber Governance Health Check report published today (5th March 2019).

It also found that just under half (43%) fail to regularly test their cyber security response plans on a regular basis, even though the awareness of the threat of cyber attacks has increased.

“Every company must fully grasp their own cyber risk – which is why we have developed the NCSC’s Board Toolkit to help them.”
Ciaran Martin, chief executive of the NCSC (National Cyber Security Centre).

“This survey highlights some urgent issues companies will be able to address by putting our Toolkit’s advice into practice,” added Martin.

“Cyber security is a mainstream business risk, and board members need to understand it in the same way they understand financial or health and safety risks.”

The arrival of the General Data Protection Regulations (GDPR) in 2018 is said to have had a positive effect in raising attention.

Ciaran Martin, chief executive of the NCSC (Stefan Rousseau/PA)

A new project has also been announced, which will help companies measure and manage cyber risk.

“The UK is home to world leading businesses but the threat of cyber attacks is never far away,” said Margot James, Digital Minister.

“We know that companies are well aware of the risks, but more needs to be done by boards to make sure that they don’t fall victim to a cyber attack.

“This report shows that we still have a long way to go but I am also encouraged to see that some improvements are being made. Cyber security should never be an add-on for businesses and I would urge all executives to work with the National Cyber Security Centre and take up the Government’s advice and training that’s available.”

Chris Price
For latest tech stories go to