Over two thirds (68 per cent) of board members at FTSE 350 businesses have not been trained to deal with major cyber security attacks, according to the latest government cyber health check report, revealed today.
"It's positive that cyber security is now front of mind for boards and business leaders, but concerning that many still are not equipping themselves with the right knowledge to respond when the worst does happen", said Zubin Randeria, cyber security leader at PwC, on the survey's findings.
53% of boards receive only some information on cyber risk.
The survey, which interviewed 105 businesses in the FTSE 350, found that one in 10 have no plan to cope with a hack - the devastating effect of which is being felt on a nearly daily basis.
Further to this, more than a quarter of businesses (27%) said their boards had no role to play in the event of a cyber attack.
"This is hugely important as knowing how to deal confidently with an incident in the heat of the moment can save time and money".
It comes into effect next May, implementing the General Data Protection Regulation (GDPR).
However, just 13 per cent said GDPR was a regular topic of conversation in board meetings, with only six per cent claiming to be fully prepared for the May 2018 implementation date. "Done right this can transform their business model helping match services to client needs, done wrongly then they run a growing risk of data breaches and subsequent enforcement action with the prospect of fines up to 4% of global turnover".
"This had significant implications in terms of the outsourced providers that charities used, and how much outside help they would ask for", the report says.
"It's worrying that with less than a year to go, many organisations still have a lot to do". GDPR will affect organisations in the United Kingdom and worldwide that have any dealings with consumers and businesses in European Union member states.
The survey also put the spotlight on the lack of information given to boards - the decision makers of an organisation.
Just over half of company boards said they set their business's appetite for cyber risk - up from a third in last year's survey - and 50 per cent said the board does review and challenge reports on the security of customers' data. "While educating and upskilling every executive would be a Sisyphean task, every business needs C-Level functional leaders to take responsibility for keeping the business running in these hard circumstances". "If they can do that, then perhaps cyber security will become mainstream and a vital component of doing business in our digital world", concluded Taylor.