The Cyber Governance Health Check assesses and reports levels of cyber security awareness and preparedness in FTSE 350 companies (i.e., the UK’s 350 largest firms). The report allows these leading organisations to compare how security risks are managed and helps them to identify and address their different vulnerabilities.
According to the latest figures from the Health Check, over half (54%) of FTSE 350 companies list the risk of cyber-attacks as their number one concern (compared with other business threats like economic uncertainty or the unease surrounding Brexit). This figure is up from 29% just three years ago.
It’s likely that the recent spate of ransomware attacks in the UK, and the devastation that followed instances such as the NHS’s WannaCry scare, is cause for the unrest amongst Britain’s market leaders. Whilst it is positive to see the new priority given to limiting cyber-security risks by these leading organisations, the report also highlights a less optimistic statistic: the fact that one in ten organisations currently operate without a response plan for cyber-attacks, and over two-thirds of employees have not received any training as to how handle an event such as this.
However, as Marco Cova, Senior Security Researcher at Lastline, suggests:
“If one was to find a silver lining, I would say that these ransomware attacks will probably do more to raise the security awareness of vendors and organisations than many security measures have in the past.”
Indeed, faced with the seemingly ever-present threat from cyber-criminals looking to steal data (or else hold it hostage) at the moment, it seems obvious that organisations ought to conduct their due diligence and prepare for the worst. More than this, though, and with new GDPR legislation on the horizon for 2018, companies are now more accountable than ever for keeping their clients’ data safe. This means that investments in technology and thorough cyber-security training that is preventative rather than reactive are imperative. This type of risk-mitigating training could mean the difference between keeping confidential data safe and compliant with GDPR, and having to fire-fight the aftermath (financial, reputational, or otherwise) of a data-breach.
It remains true that the biggest risk to any company’s digital security is its own employees. More often than not, users inadvertently create an entry-point for cyber-criminals to take advantage of – by visiting unauthorised websites, re-using weak passwords, or opening an attachment from an unknown sender, for example. This is why VinciWorks offer a range of information and cyber-security eLearning courses, all specifically designed to reduce the risk of a security breach.
Ensure your employees are aware of how to prevent a data breach with our Data Protection and Preventing a Data Breach eLearning courses. For added online security, we can also provide an off-the-shelf cyber-security bundle of courses, which includes full and short-course training to ensure your employees have a full awareness of cyber-security policies and best practices.
