Most FTSE 100 boards kept in the dark about cyber resilience plans • The Register

Only one in five FTSE 100 companies disclose testing of online business protection plans.

Most (57 per cent) of FTSE 100 companies talk about their overall crisis management, contingency or disaster recovery plans within their annual reports but few in comparison mention cybersecurity. Just 21 per cent of UK Blue Chip businesses regularly share security updates with the board at least twice a year, according to a study by management consultancy Deloitte.

Cyber risk testing would include services such as “ethical hacking” (AKA penetration testing) to find vulnerabilities in a company's IT systems. Security testing will become even more important with the advent of the EU’s General Data Protection Regulation, due to swing into effect in June, under which data breaches in the UK and other member states will be punished with much tougher financial sanctions.

Phill Everson, head of cyber risk services at Deloitte UK, said: “Would-be hackers look for weaknesses in a system to gain access, so testing remains vital in ensuring strong cyber resilience. The 20 per cent of companies that disclosed testing for…
