Last year’s introduction of the GDPR (General Data Protection Regulation) seems to have had a positive effect on the UK’s major public companies. A new government survey has found that they have taken major steps to protect data. However, awareness of supply chain vulnerability – especially from fourth parties and others – continues to lag behind.
Having come into effect on May 25, 2018, GDPR has “contributed to a greater level of board engagement in cybersecurity issues” among FTSE 350 companies, according to the government’s Cyber Governance Health Check.
“The 2018 Health Check indicates that GDPR has increased the attention FTSE 350 boards give to cyber risk,” the survey said. “Over three quarters of businesses (77%) report that board discussion and management of cyber risk has increased since the introduction of GDPR, and more than half (55%) of these businesses have increased measures as a result.”
According to the survey, 95% of FTSE 350 companies have developed cyber incident response plans, but just 57% of those businesses test those plans regularly.
The health check also identified weaknesses in the oversight FTSE 350 companies have of the efficacy of cybersecurity measures throughout their supply chains.
“The supply chain is increasingly becoming a target for cyber attacks; however, recognition of cyber risks in the supply chain appears to be a significant gap amongst a large proportion of businesses,” the report said. “Whilst recognition of the cyber risks arising from businesses in the supply chain is relatively high (73%), less than a quarter (23%) of businesses recognise the cyber risks associated with businesses that are not directly contracted by the business (fourth party and beyond), leaving them particularly vulnerable to such threats”.