
Only some FTSE 100 companies disclose security testing

(Image credit: ESB Professional / Shutterstock)

A large number of FTSE 100 organisations have not disclosed details on what forms of cyber risk testing they are carrying out to ensure they stay safe from threats.

A newly released report by Deloitte found that just 21 per cent of companies disclosed in their annual report that they provided cyber security updates to the Board on a regular basis.

According to head of cyber risk services at Deloitte UK, Phill Everson, this type of testing demonstrates “ways to continually and proactively test for flaws, whilst also showing commitment in fixing them if identified.”

However, greater disclosure of this in reports could identify more companies doing so, he added.

The upcoming GDPR regulation is another reason why businesses should be doing more to identify potential flaws, the report says, adding that a fifth of companies is not enough.

Even though a “small portion” of FTSE 100 companies provide security updates to the Board, almost nine in ten (89 per cent) see cyber security as a “principal risk”. Data loss, financial loss and damage to reputation are seen as the biggest concerns.

Everson continues: “An area that has had less recognition in the past is the insider threat, but it is mentioned by 23 companies this year. 17% of companies this year identified malware as a threat, up from 12% last year. In future we expect to see more companies go into greater depth on their strategies to mitigate against employee risk and the threats posed by malware.

“Elsewhere, we are also seeing companies provide more clarity on who is internally responsible for cyber risk. Over the last two years, one in five companies disclosed the creation of a brand new role or body to have overall accountability on cyber. This shows that companies are upgrading their approach to match the raised level of threat. This brings the total number of FTSE 100 companies with a clearly identified person or team with cyber security responsibility to 38, but we would like to see 100%, and expect investors would as well.”

Sead Fadilpašić is a freelance tech writer and journalist with more than 17 years' experience writing technology-focussed news, blogs, whitepapers, reviews, and ebooks. His work has featured in online media outlets from all over the world, including Al Jazeera Balkans (where he was a Multimedia Journalist), Crypto News, TechRadar Pro, and IT Pro Portal, where he has written news and features for over five years. Sead's experience also includes writing for inbound marketing, where he creates technology-based content for clients from London to Singapore. Sead is a HubSpot-certified content creator.