Boards still in denial over cyber risk, as bosses keen to pass the buck

Hayley Kirton
Follow Hayley
Chief execs do not think they have a role to play in cyber security (Source: Getty)
oards still have their heads buried in the sand when it comes to cyber security, a new survey has found.

The research commissioned by NCC Group, and seen exclusively by City A.M., found that just 13 per cent of chief executives thought they needed to take responsibility for the level of cyber risk in their company.

While another 13 per cent were keen to let the managing director handle cyber security and nine per cent felt it was part of their financial director's role, more than half (52 per cent) would shift the responsibility onto their technology or information chief's plate.

"Boards continue to pass the cyber buck by delegating accountability to technical leads likes CIOs and CTOs," said Rob Cotton, chief executive at NCC Group. "Cyber security is the responsibility of the CEO and the main board as it is the most significant issue facing businesses today."

Read more: Don't be fooled by the Tesco Bank hack – Non-banks more likely to be hit

Cotton's own company has set up a cyber security committee, and he himself sits on it, to assess the state of the company's cyber security and any risks it faces, reporting on this monthly.

Cotton added: "Boards fully discuss, report and become expert on accounting policies, health and safety, corporate social responsibility and executive remuneration, however, this is not the case with a company's most valuable assets: its data and information. It's time to take control and be proactive."

Those looking for examples of a company suffering at the hands of cyber criminals do not have too far to search.

Read more: If you're using one of these passwords you probably need to change it

This month, Tesco Bank has paid out £2.5m to compensate around 9,000 customers whose accounts were hit by a widespread fraud. At one point, it was feared 20,000 customers had had money wrongfully taken from their accounts.

Last year, an attack affecting TalkTalk lead to details, including bank account numbers and addresses, being stolen for more than 150,000 customers. The telecoms company has since been slapped with a record £400,000 fine from the Information Commissioner's office.

Meanwhile, research released in September by Financial Fraud Action UK discovered there is now an incidence of fraud every 15 seconds, and government research published in May found two-thirds of British businesses had been the target of a cyber attack over the past year.

Related articles