UK cybersecurity challenges

A survey by UK cybersecurity company Savanti finds that many UK organizations are struggling to properly manage this essential issue in spite of an increase in worldwide cyberattacks and growing awareness about the necessity of cybersecurity.

Global cyberattacks grew by 38% in 2022 compared to the previous year. With 2.4 million incidents of cybercrime reported in the last year across a variety of industries, the growth in cybercrime is not sparing UK firms.

The financial toll that cybercrime takes is also substantial. Cybersecurity Ventures estimates that by 2025, the yearly cost of cybercrime to enterprises might reach £8.4 trillion, making it the third-largest global economy behind the US and China.

According to Savanti’s paper, Effective Board Governance of Cyber Security: A Source of Competitive Advantage, many boards find it difficult to comprehend the nuances of cyber hazards. 59% of directors acknowledged that their boards struggle to understand the motivations behind and effects of cyber hazards on their organizations.

The analysis demonstrates a strong link between successful cybersecurity practices and economic growth. Digitally knowledgeable and cyber-engaged leadership teams at businesses saw stronger revenue growth, higher values, and better net margins.

Effective cybersecurity procedures also improved data insights, boosted investor trust, protected shareholder value during mergers and acquisitions, and increased success rates when competing for new clients.

Important suggestions

The Savanti report makes several important suggestions for boards to improve their cybersecurity governance, including:

1. A minimum of one non-executive director with knowledge of technology, digital, data, or cybersecurity should be on the board to increase board knowledge. Directors should be urged to learn more about cybersecurity and interact with professionals in the field.
2. Put cybersecurity first. It should be a permanent topic on board agendas, mentioned at least once every three months, and more frequently when serious problems are still present. Some companies might even think about creating a board-level technology committee.
3. Recognize the board’s responsibilities: Boards should establish the level of risk they are willing to take, ensure resilience and recovery strategies, maintain an acceptable level of expertise, and be ready for crisis situations.
4. Prepare for regulation: As the likelihood of cyber regulation increases, boards should proactively get ready by reporting on expertise at the board and senior management levels, revealing risk management plans, and quickly notifying the appropriate authorities of breaches.
5. Use independent advisors: Independent cybersecurity advisors can help boards by advancing their knowledge, helping them to prepare for meetings, helping them to formulate questions, and helping them to spot potential problems.

In the future

“Many investors see cyber as the canary in the coal mine for the health and resilience of a business. If a company can demonstrate effective cyber preparedness, it is a sign of the strength of their overall leadership, operations, and governance,” said Richard Brinson, CEO of Savanti.

But even while board governance of cyber security has clearly advanced recently, many boards still find it difficult to carry out their duties.

We discovered that many board members lack the necessary degree of cyber awareness, are unaware of their specific position in cyber security, and are hesitant to consult their chief information security officer to fill this knowledge gap out of concern that doing so will reveal their ignorance.

“Businesses must adopt cutting-edge strategies. This entails regulations for boards to report on risk management plans, disclose all material occurrences to the competent public authority, and report on relevant knowledge at board and senior management level on cyber security in order to provide a more thorough shared picture of the rising danger.