The majority of board members (68%) in the FTSE 350 said they have not been trained in responding to a cyber attack, according to research by accountants KPMG on behalf of the government. Marco Cova, Senior Security Researcher at Lastline, commented below.
Marco Cova, Senior Security Researcher at Lastline:
“While this is a somewhat worrying revelation, it’s definitely not surprising. Board members with diverse job functions within an organization have struggled in the past to understand how serious a cyber-incident can be. While large-scale incidents like NotPetya may have gone some way towards remedying this, there is still something of a disconnect between the security team, the CISO, and the board. This is a problem which requires a top-down solution, with the board and the CEO engaging more with how to respond appropriately to cyber incidents in order to set a good example for all employees below them in the business.”