Taking the pulse: what we can learn from the latest FTSE 350 Cyber Health Check

The UK Government has published the FTSE 350 Cyber Governance Health Check 2018, its annual “barometer of how corporate Britain is responding to the ongoing challenge of cyber threats.” The report demonstrates an increasing awareness of cyber risk at board level, but also that there remains key practical steps to take to embed cyber security into organisations and avoid it becoming merely a tick box exercise, a view perhaps best summarised by this NCSC quote taken from the report:

“Although board understanding of cyber security has been increasing steadily since the FTSE 350 Cyber Governance Health Check began, many boards have yet to understand cyber risks in the same way or to the same extent they understand financial risks, or health and safety risks.”

The briefing summarises the report and offers some practical tips we have drawn from the report and our experience of advising on cyber incidents and risk management.