Majority of CEOs still not considered responsible for their firm's cybersecurity

Chief Executive Officers in the UK are still far from being considered responsible for keeping their organisations safe from cyberattacks, according to a new report by NCC Group. The report, which the risk mitigation and cybersecurity company just released, is based on a poll of 200 UK board directors, who were questioned on cybersecurity. Just 13 per cent said the managing director was responsible for cyber risks in their company.

Also, just nine per cent named the financial director. The biggest burden is still on the shoulders of CTOs and CIOs – 52 per cent. “Boards continue to pass the cyber buck by delegating accountability to technical leads like CIOs and CTOs. Cyber security is the responsibility of the CEO and the main board as it is the most significant issue facing businesses today,” commented Rob Cotton, CEO at NCC Group. “To address this we have created a Cyber Security Committee, and as CEO, I personally sit on the committee and assess the performance of the Group’s internal security and defences, reporting back on a monthly basis.”

To better promote board-level ownership, NCC Group developed and released the Cyber Security Committee Toolkit – offering documentation which can help other companies launch their own, similar committees. “Boards fully discuss, report and become expert on accounting policies, health & safety, CSR and executive remuneration, however, this is not the case with a company’s most valuable assets: its data and information. It’s time to take control and be proactive,” Cotton continued. “We’d welcome discussion with any company looking to set up a Cyber Security Committee.”
