7 in 10 business leaders are concerned about cyber attacks

In the wake of Russia’s invasion of Ukraine and the shift to hybrid working, the Institute of Directors has found that 72% of business leaders view cyber risk as a significant concern for their organisation, with 58% believing that the risk of a cyber attack on their organisation has increased.

In its poll of nearly 600 directors, the IoD also found that:

  • 54% believe that every board member has enough expertise to understand the potential impact and value of cyber security in respect of their organisation
  • 61% state that their organisation has appropriate controls and monitoring mechanisms in place which assure them that their cyber security measures are effective
  • 46% state that their organisation ensures that cyber security is considered in every business decision
  • 54% state that their organisation has an incident management plan in place for cyber attacks
  • 46% state that their organisation is able to access cyber insurance cover

Dr Roger Barker, the Institute’s Director of Policy, said:

“The results of our survey provide evidence that many businesses are taking cyber security seriously. However, a higher level of awareness and expertise is needed on boards of directors in view of the unprecedented shift to home working and heightened geopolitical tensions.

“Hybrid working is here to stay. However, a remote workforce brings with it enhanced cyber risks, with employees relying on their home networks – and sometimes their own devices – to complete tasks. Companies have not yet fully adjusted to this reality.

“Furthermore, cybersecurity authorities have warned that Russia’s invasion of Ukraine exposes organisations both within and beyond the region to increased malicious cyber activity.

“A significant proportion of IoD members are concerned about their ability to access cyber insurance cover. During the last year, cyber insurance rates have increased significantly, and there are uncertainties around what is and isn’t covered by insurance, particularly with respect to exposure to state-sponsored cyber attacks.

“The National Cyber Security Centre is a key source of guidance for companies seeking to address current cyber challenges. In particular, the NCSC’s toolkit for board members represents an essential reference point for directors in their oversight of cyber security.”

The National Cyber Security Council (NCSC) has produced an overview of Russian cyber threats to critical infrastructure and mitigation guidance for all organisations here and its toolkit for board members is available here.

 

Full survey results

575 respondents, conducted between 13th-27th April 2022

In the wake of Russia’s invasion of Ukraine, experts and regulatory bodies have warned of an increased risk of cyber attacks on Western companies. To what extent do you agree or disagree with the following statements?

Strongly agree Agree Neither agree nor disagree Disagree Strongly disagree Don’t know N/A
Cyber risk is a significant concern for my organisation. 28% 44% 18% 6% 2% 1% 1%
The risk of a cyber attack on my organisation has increased. 17% 41% 30% 6% 2% 4% 1%
Every board member has enough expertise to understand the potential impact and value of cyber security in respect of my organisation. 13% 41% 18% 20% 5% 1% 3%
My organisation has appropriate controls and monitoring mechanisms in place which assure me that our cyber security measures are effective. 13% 48% 26% 7% 3% 2% 2%
My organisation ensures that cyber security is considered in every business decision. 11% 35% 29% 20% 3% 1% 2%
My organisation has an incident management plan in place for cyber attacks. 14% 40% 19% 19% 4% 2% 3%
My organisation is able to access cyber insurance cover. 18% 28% 21% 11% 3% 14% 5%