Just 1 in 20 FTSE 100 organisations have a cyber risk director

A study by Deloitte has revealed that just 5% of FTSE 100 companies have a director responsible for cyber risks, the Financial Times reports.

While 71% of corporations identified IT systems failure among their principal concerns and a further 72% highlighted a cyber attack as a risk, the report suggests that firms have been slow to react to the emerging threat of cyber warfare.

Following a number of high-profile breaches and attacks on organisations including Lloyds Bank, Tesco, Deutsche Telekom and the NHS, the report’s results are somewhat surprising given that the number of attacks rose by 55% from 2015 to 2016.

Phill Everson, head of cyber risk services at Deloitte UK, has said: “The vast majority of FTSE 100 reports acknowledge the principal risk, but our analysis shows there were wide variations in the disclosure of cyber risk management and mitigation strategies.”

In the study, 11% of the reports mentioned the creation of a new role or body to take overall accountability for cyber risk, while more than half of organisations identified cyber contingency, crisis management or disaster recovery plans in their annual report.

Only 58%, however, disclosed that these plans had been simulated in test scenarios over the year.