Board-level representation for cyber security has surged 55pc in the last 12 months within the UK’s critical national infrastructure (CNI) according to a cyber firm.
Bridewell surveyed some 521 staff responsible for cyber security at UK CNI bodies (covering civil aviation, telecommunications, energy, transport, media, financial services and water supply).
In central government, those organisations with a board-level cyber security representative rose massively from just 6pc last year to 57pc this year. As the cyber firm points out, attackers gained access to masses of data in a successful 2021 attack on the Electoral Commission, for example. In November 2023, the UK official National Cyber Security Centre’s annual review featured a call from the government for improved CNI cyber preparedness as threats mount. Bridewell adds that further attacks on election infrastructure are likely this year ahead of the July 4 general election.
Across all CNI sectors, 29pc of organisations now have a Chief Information Security Officer (CISO) or person with cyber security responsibilities on their board of directors, compared with 19pc last year. More than a quarter (27pc) of organisations are bringing in such changes, and 19pc plan to within the next 12 months.
The research found, for example, that in the civil aviation sector, although 37pc of organisations already have a cyber security board member and 21pc are in process of appointing one, 11pc have no plans and cannot foresee they will ever have one, despite the obvious threats.
Anthony Young, Chief Executive Officer of Bridewell, said: “As CNI organisations grapple with a challenging and changing environment, it is very welcome to see such a significant increase in board members with responsibility for cyber security. Even if the overall level is still too low and a greater sense of urgency is required, the signs are there that cyber security is getting the recognition it needs at the top table. The increase in such appointments among central government organisations, for example, shows they are acting on their own advice that organisations must give priority to cyber concerns.
“Threats are proliferating and nation-state activity is more determined and well-resourced, aimed very specifically at our critical infrastructure organisations. Cyber security must have a voice at the top table in every organisation as part of a fully-developed strategy that includes technology, human expertise and constant vigilance.”
The survey also found an 89pc increase in CNI bodies that have aligned their cyber security strategy to their business objectives – up from 15pc in the 2023 survey to 29pc this year.
See also the Bridewell blog – https://www.bridewell.com/insights/blogs.
