• Skip to primary navigation
  • Skip to main content
  • Skip to footer
The Evolution of ESG RegulationThe Evolution of ESG RegulationThe Evolution of ESG Regulation

CUBE global

  • Products
        • RegPlatform product overviewOur enterprise product, providing regulatory intelligence for large, global financial institutions looking to tackle complex compliance.
        • RegAssure product overviewOur highly intuitive, seamless compliance product, that grows with your small or medium sized business.
        • CUBE's technology
  • Solutions
        • PrivacyGlobal governance for data privacy regulations, the world over
        • RecordsHolistic oversight of ever-growing regulations for records
        • CybersecurityAutomated workflows for up to date, relevant data on cyber
        • Technology riskEffective policies and controls to mitigate technology risk
        • Financial crime and AMLWatertight audit trails to show risk-based rationale
        • View all solutions
  • Resources
        • Resource hubLifting the lid on financial services, compliance, and regulation
        • Read

        • Case Studies
        • Blog posts
        • Reports
        • RegNews
        • Brochures
        • Find

        • Compliance Corner
        • Compliance confessions
        • ESG Conference
        • CUBE’s regulation game
        • Listen

        • Videos
        • Webinars
        • Podcasts
  • Partners
        • Advisory and consulting partnersEnhance your regulatory compliance offering with the entire suite of CUBE regulatory data.
        • Integration partnersCompliance is complex enough without over-complicated integration procedures.
        • Technology partnersAdd value to existing customer applications with a unified window into regulatory intelligence.
        • Partners overview
  • About us
        • About usThe story of who we are, how we got here and why we’re exceptionally proud of what we do
        • TeamThe visionaries and leaders powering CUBE’s success
        • NewsThe latest news from CUBE
        • CareersOur movement to transform regulatory data into regulatory intelligence
        • ContactWant to know more? Get in touch
  • Request a demo
Customer login
Home » Resources » Cyber Captains share their view on cyber security

December 23, 2021 | Sally Morris

Estimated reading time: 4 minutes

Cyber Captains share their view on the choppy seas of cyber security

The UK’s Department for Digital, Culture, Media & Sport has published its “Cyber resilience captains of industry survey 2021”, which highlights cyber threats to be “high risk” in comparison to all other risks that companies face.

The survey received responses from “Captains of industry” – which are comprised of Chairs, CEOs, COOs, and other executive board directors across finance, technology and utilities (among others). The survey found that nine in ten Captains said that they consider cyber threats to be a high or very high risk to their firms.

Interestingly, while 92% of respondents agreed that they integrate cyber considerations into their wider business areas, only 83% of these felt that their board was well informed enough to make decisions about cyber resilience. Moreover, only 77% of Captains said that they included discussions about cyber security on at least a quarterly basis.

Are boards adapting to meet cyber risk?

The last few years have been overshadowed by the global pandemic, which pushed individuals and companies online like never before. With that in mind, in 2020 nearly all Captains (99%) said that they had a cyber strategy in place, with 86% allocating a dedicated budget to this strategy. Despite this, only 58% of respondents said that the cyber strategy aligned with their business goals, and even more surprisingly only 20% had integrated a cyber strategy within their IT strategy.

What is particularly notable in the survey findings is the high percentage of organizations who have put documentation in place to manage cyber risks. Of the firms asked, more than 95% said that they had written documentations for cyber security, including risk registers and business continuity plans.

However, while this documentation is in place, there is a stark contrast between documentation and implementation. Cyber risk is a constantly evolving beast. As we saw over the last year, cybercriminals are quick to innovate around new environments and systems and utilize new methods to target businesses and individuals alike. With that in mind, it is striking to see that 18% of boards discuss cyber once every six months, and 51% discuss it on a quarterly basis. Even more shockingly, 1% said they never discuss cyber risk.

How can boards improve?

Understanding cyber risk is difficult. Implementing strategies to mitigate those risks is even harder, especially given the ephemeral nature of cybercrime. When asked how boards could be better supported to make better decisions about cyber, 34% said that they needed better education or training for their board.
Moreover, 24% said that they needed greater engagement with third party experts, which might imply a lack of cyber experts working within organizations – especially when only 13% said they would like greater engagement from internal company experts. 21% of Captains said they would benefit from the provision of regular updates about cybersecurity risks.

CUBE comment

On a high level, the results of this survey are encouraging. Boards are aware of cyber risks and are implementing documentation to mitigate and support that risk. However, when you drill down into the specifics, there are certainly areas for improvement – and in some cases areas for concern.

It long seems to have been the thinking within organizations that creating documentation and annual training is enough to keep risk at bay. As we’ve seen through a raft of recent data breaches and enforcement action, cyber risk mitigation needs more. Cybersecurity needs to be embedded within organizations from the top, down. It should be part of a company’s culture and goals, not simply a policy that’s revisited every year.

With that in mind, it’s interesting – and somewhat contradictory – that, while nine out of 10 of Captains consider cyber security a high or very high risk, only 51% are having discussions around the topic quarterly, with 18% only discussing it quarterly. Cyber is ever evolving and innovative. As technology grows, so too does the cyber risk.

Cybercriminals are not precious; they will find weaknesses within an organization and pinpoint these gaps. If boards aren’t discussing cyber on a monthly basis, the cracks will undoubtedly begin to show.
Which leads me to the 21% of Captains that have said they would benefit from the provision of regular updates around cyber risk. While it’s good to see boards acknowledging that they aren’t necessarily abreast of the latest information, it’s surprising that the figure isn’t higher.

At CUBE, we’re seeing thousands of regulatory updates being published daily. Given the increased regulatory focus around cyber, it stands to reason that a vast proportion of these regulatory updates will concern cyber. Of course, we can’t expect board of directors to keep on top of these updates, but the compliance, data and IT departments within organizations will.


CUBE can help you keep abreast of every regulatory change and make sense of it for your business.

Request a demo

Related resources
View all resources
Recent US and UK crypto regulation developments
Blogs

FCA’s crackdown on illegal crypto promotions: Social media firms to face accountability

Consumer Duty compliance
Blogs

Welcome to the Consumer Duty Era

Consumer Duty roundtable
Blogs

Table Talk series: Consumer Duty roundtable

What's the latest in anti money laundering regulations
Blogs

The fight against dirty money: recent AML developments 


Want CUBE updates and latest industry news sent straight to your inbox?

Footer

Add CUBE logo here

  • Products
    • Partners
    • Solutions
  • Resource hub
    • Blogs
    • Reports
    • Brochures
    • Compliance Corner
    • Webinars
    • Podcasts
    • Videos
  • Behind CUBE
    • About us
    • Meet the team
    • Careers
    • News US
    • Contact us
  • The legal bits
    • Privacy policy
    • Cookie policy
    • Terms of use
    • Accessibility
Follow us:
  • LinkedIn
  • Twitter
  • YouTube

© 2023 CUBE Content Governance Global Limited

  • English
  • US