Britain’s top firms and charities need to do more to protect themselves from online threats, according to UK Government a cyber health check and research.
One in ten FTSE 350 companies said they operate without a response plan for a cyber incident. Less than a third of boards receive comprehensive cyber risk information. Only 6%of businesses are well prepared for new data protection rules.
Separate research has found that charities are as susceptible to attacks as businesses. Many staff not well informed about the topic. Awareness and knowledge varies considerably across different charities.
UK Minister for Digital, Matt Hancock said: “We have world leading businesses and a thriving charity sector. But recent cyber attacks have shown the devastating effects of not getting our approach to cyber security right.
“These reports show we have a long way to go until all our organisations are adopting best practice. I urge all senior executives to work with the National Cyber Security Centre and take up the Government’s advice and training.
“Charities must do better to protect the sensitive data they hold. I encourage them to access a tailored programme of support we are developing alongside the Charity Commission and the National Cyber Security Centre.”
Cyber health check
There has been progress in some areas when compared with last year’s cyber health check. More than half of company boards now setting out their approach to cyber risks (53% up from 33%). More than half of businesses having a clear understanding of the impact of a cyber attack (57% up from 49%).
The FTSE 350 Cyber Governance Health Check is the UK Government’s annual report providing insight into how the country’s biggest 350 companies deal with cyber security.
The UK Government will soon be introducing its new Data Protection Bill to Parliament. It comes into effect next May, implementing the General Data Protection Regulation (GDPR). Foer the first time, the report included questions about data protection.
The new law will strengthen the rights of individuals and provide them with more control over how their personal data is being used.