Don't fob off cyber security probe to IT leaders, bosses told
The heads of Britain’s largest quoted companies will no longer be able to leave cyber security entirely in the hands of their IT leaders thanks to a computer threats survey which they must fill out themselves.
Announced by the government last week, the Cyber Tracker initiative will see FTSE 350 chairmen complete a questionnaire designed to reveal how well their company is protected from, and prepared for, a cyber security breach.
The results of the ‘cyber governance health check’ will let the firms benchmark their security strategy against both their peers (albeit anonymously) and key indicators, while helping the government assess the effectiveness of its cyber security strategy.
However, in a written invitation urging the chairmen to take part, obtained by the Financial Times, security chiefs at MI5 and GCHQ said that the bosses should not be tempted to fob the task off on their IT leaders.
“By delegating the completion of the tracker (e.g. to your chief information officer), your results may overlook existing internal vulnerabilities linked to governance,” the agencies reportedly wrote.
Also according to the newspaper, the second stage of the ‘health check’ will be a detailed discussion with a company’s audit firm about areas in which it might be vulnerable, such as data protection or intellectual property.
Meanwhile, professional services firm Deloitte understands that the tracker will ‘go live’ in September and remain open for around one month. Key findings from the surveys will be published in October.
“Just trying to prevent an attack is no longer a realistic strategy,” said the firm’s head of security Mike Maddison, welcoming the initiative. “Today it is about being aware, preparing and being able to respond effectively if a breach does occur. Companies need to adopt an end-to-end approach, from the network all the way up to the boardroom.”