“Increasing numbers of UK businesses are struggling to understand how to combat cybercrime, putting them at increased risk of cyberattacks resulting in crippling costs such as multi-million pound ransoms, litigation and reputational damage”, states a new report titled Effective Board Governance of Cyber Security: A source of competitive advantage. The report was published by Savanti, one of the UK’s leading cyber security consultancies. Its clients include FTSE 100 companies, medium-sized enterprises and public sector organizations.
Savanti’s report is based on 30 interviews with a range of senior business leaders, including non-executive directors, executive committee members, chief information security officers (CISO), chief technology officers (CTO) and chief information officers (CIO).
The report highlights a striking 38% surge in global cyberattacks in 2022 compared to 2021, based on findings from Check Point Research (CPR). This concerning proliferation is clearly evident in the UK, where there have been 2.4 million instances of cybercrime in the last 12 months, as per the UK Cyber Security Breaches Survey 2023.
Predictions from cybersecurity research firm Cybersecurity Ventures suggest that the cost of cybercrime to business could reach £8.4 trillion annually by 2025. If “cybercrime were measured as a country, then it would be the world’s third largest economy after the U.S. and China”, says the research company in a stark warning to organizations worldwide.
Savanti’s report also sheds light on recent high-profile cyberattack incidents in the UK, including one at Britain’s Electoral Commission, where a breach “undetected for 14 months resulted in access to voters’ personal data including home addresses, images, email addresses, names and telephone numbers.” Additionally, security breaches in the UK affected prominent companies such as British Airways and Boots, compromising employees’ personal data, bank details and contact information.
Furthermore, while the report mentions that boards are concerned about cybersecurity, ranking it as one of their top priorities, it also references PwC’s 2022 Annual Corporate Directors Survey, which states that six in ten (59%) directors admitted that their board is not very effective in understanding the drivers and impacts of cyber risks for their organization.
“Many investors see cyber as the canary in the coal mine for the health and resilience of a business. But while there has undoubtedly been progress in recent years on board governance of cyber security, many boards struggle to dispense their responsibilities”, observed Richard Brinson, CEO of Savanti.
Interestingly, “large enterprises with digitally-savvy, cyber-engaged executive teams” see substantial benefits, the report adds. These include increased revenue growth, greater success rates in attracting new clients, improved data insights, elevated investor confidence, and significantly higher valuations and net margins.
Brinson recommends boards take actionable steps for improved cybersecurity governance. Recommendations include having at least one director with experience in cybersecurity, making cyber issues a regular topic of discussion at quarterly board meetings, and understanding the time it might take to recover from a major cyber attack such as ransomware.
Brinson also advocated for UK companies to take a proactive approach to get ahead of the game on cyber regulation. “Many boards have their heads in the sand on cyber regulation. In the US, the Securities and Exchange Commission adopted rules in July requiring public companies to disclose within four days all cybersecurity breaches that could affect their bottom lines. It seems likely more cyber regulation will emerge in the coming years in the UK and Europe that will eclipse the current GDPR reporting rules.”
“Businesses need to get ahead of the curve. This means requirements for boards to report on relevant expertise at board and senior management level on cyber security, report on risk management arrangements and disclose all material incidents to the relevant public authority to build a more comprehensive shared picture of the emerging threat”, Brinson further explained.
Concerns about cybersecurity are growing in the UK and elsewhere, even as a variety of increasingly sophisticated, targeted, widespread and undetected cyber attacks are being perpetrated.
With cyber attacks becoming more frequent and severe, it is important not only for UK corporations but also for other nations and international corporations to strengthen their cybersecurity resilience and mitigate cyber risks.
Cybercrime is projected to cost the world $8 trillion in 2023, as per Cybersecurity Ventures. This makes it crucial for corporate boards and treasurers (considered as superintendents of payment security) to stay focused on cybersecurity and fraud prevention in 2023 and beyond, given the digital and interconnected nature of today’s global corporate landscape. Embracing the recommended actions by Savanti for better governance of cybersecurity may help in combating the current surge in corporate cybercrimes and safeguarding organizations against future cyber threats and attacks.