UK Companies Set to Splurge on Cyber-Risk Mitigation

The vast majority of FTSE 350 companies are planning to increase spending on cybersecurity this year, with cyber-risk remaining the top boardroom concern, according to a new report.

The latest FT-ICSA Boardroom Bellwether survey is carried out by governance institute ICSA twice each year.

The latest report placed cyber-related risk as a top concern for 80% of FTSE 350 firms, way ahead of the next two: legal (56%) and political (56%) risk.

That explains why 90% of boardrooms are planning to increase spending on ways to mitigate this risk, according to the study.

“Unsurprisingly we are seeing an increase in the frequency with which boards or their committees consider exposure to cyber-risk, with a quarter of respondents telling us that this happens at least quarterly and more than half of the rest at least twice a year,” explained ICSA policy and research director, Peter Swabey.

“The 5% that are considering cyber-risk less than annually might give shareholders cause for concern.”

The findings are perhaps unsurprising given the growing number of big-name breaches hitting the headlines, alongside major security threats such as WannaCry and NotPetya which cost many organizations hundreds of millions last year.

UK-based consumer goods company Reckitt Benckiser revealed last July that NotPetya may end up costing the firm around £100m after disrupting its “ability to manufacture and distribute products to customers in multiple markets across the RB Group.”

A government report last year claimed that almost half (46%) of UK firms had identified at least one breach or cyber-attack in the preceding 12 months — a figure rising to 68% for large firms.

Most recently, researchers last week revealed major vulnerabilities in leading CPU models, potentially exposing the majority of organizations and home users across the globe to attack.

Although patches are being issued for the so-called “Meltdown” threat, the two bugs which together comprise the “Spectre” threat are as yet unpatchable — creating more risk for firms.

What’s Hot on Infosecurity Magazine?