• Many FTSE 350 boards still don’t understand the impact of a cyber attack on their business
• Incident plans are in place but are not tested thoroughly enough
• New measuring tool will help firms manage their cyber risk more effectively

Boards at some of the UK’s biggest companies still don’t fully understand the potential impact of a cyber attack according to a new report.

The Government’s Cyber Governance Health Check looks at the approach the UK’s FTSE 350 companies take for cyber security. The 2018 report published today shows that less than a fifth (16%) of boards have a comprehensive understanding of the impact of loss or disruption associated with cyber threats. That’s despite almost all (96%) having a cyber security strategy in place.

Additionally, although the majority of businesses (95%) do have a cyber security incident response plan, only around half (57%) actually test them on a regular basis.

Digital Minister Margot James said:

The UK is home to world leading businesses but the threat of cyber attacks is never far away. We know that companies are well aware of the risks, but more needs to be done by boards to make sure that they don’t fall victim to a cyber attack.

This report shows that we still have a long way to go but I am also encouraged to see that some improvements are being made. Cyber security should never be an add-on for businesses and I would urge all executives to work with the National Cyber Security Centre and take up the government’s advice and training that’s available.

Awareness of the threat of cyber attacks has increased. Almost three quarters (72%) of respondents acknowledge the risk of cyber threats is high, which is a big improvement of only just over half (54%) in 2017.

The implementation of the General Data Protection Regulations (GDPR) in 2018 has had a positive effect in increasing the attention that boards are giving cyber threats. Over three quarters (77%) of those responding to last years health check said that board discussion and management of cybersecurity had increased since GDPR. As a result over half of those businesses had also put in place increased security measures.

Ciaran Martin, CEO of the NCSC, said:

Every company must fully grasp their own cyber risk – which is why we have developed the NCSC’s Board Toolkit to help them. This survey highlights some urgent issues companies will be able to address by putting our Toolkit’s advice into practice.

Cyber security is a mainstream business risk, and board members need to understand it in the same way they understand financial or health and safety risks.

Meanwhile, more work is being done to improve the cyber resilience of business, and a new project has been announced that will help companies understand their level of resilience. The cyber resilience metrics will be based on a set of risk-based principles to allow firms to measure and benchmark the extent to which they are managing their cyber risk profile effectively.

Once developed these indicators will provide board members with information to understand where further action and investment is needed.

Government is recommending the Boards continue to make improvements to their cyber security. This includes using the guidance published by the National Cyber Security Centre (NCSC) to improve the management of risks.

Companies should also ensure that cyber risks are taken into account in their business strategy and appoint a Chief Information Security Officer (CISO) or other appropriately placed staff members who can clearly communicate information about cyber risks to the board.

Notes to editors:

1. Read the 2018 FTSE 350 Cyber Governance Health

2. DCMS’s Cyber Governance Health Check is part of the Government’s National Cyber Security Strategy: 2016-2021 to make the UK the safest place to live and do business online. It is backed by £1.9 billion investment over five years.

3. The 2018 FTSE 350 Cyber Governance Health Check was undertaken in partnership with Winning Moves and support from EY, KPMG, PwC and Deloitte who have worked with their FTSE 350 clients to participate in the survey.

Additional quotes

Richard Horne, cyber security partner at PwC said:

Boards need to recognise that they have a responsibility to drive changes to business and IT operating models to enable their organisations to be securable. Managing cyber risk is about far more than just building security controls, and requires board-driven business change.

At PwC, we work with a variety of organisations and there’s always a noticeable difference in those who have a strong understanding of cyber risk at board level.

Gavin Cartwright, Associate Partner, Cyber security at EY said:

With only 1 in 5 FTSE 350 companies undergoing a cyber simulation last year, the report highlights that cyber security is still not fully embedded in the culture of many of these companies. In addition to having cyber security strategies in place, organisations and their boards need to continually build and invest in their in-house capabilities, practice responses and train and evaluate cyber-first responders across their business and supply chain.

Kevin Williams of the KPMG UK cyber security practice said:

Cyber security is a business issue, not an IT issue. Some of the more successful companies ensure regular reporting on cyber risks directly to the board, creating clear line of sight between the business and the risk. They also ensure regular testing of their capabilities to respond to information security incidents.

The 2018 survey shows that we are moving in a positive direction, but there continues to be a need for a more comprehensive understanding of the impact of loss or disruption associated with cyber threats to an organisation. The investment needs to be not only financial but in education for all and ensuring the right resources are in place to innovate, take advantage of new technological advances, whilst assessing the risks and responding accordingly.

Public Health England (PHE) has today, Tuesday 5 March 2019, launched the major new national campaign ‘Cervical Screening Saves Lives’, to increase the number of women attending their cervical screening across England.

The campaign will encourage women to respond to their cervical screening invitation letter, and if they missed their last screening, to book an appointment at their GP practice.

Around 2,600 women are diagnosed with cervical cancer in England each year, and around 690 women die from the disease, which is 2 deaths every day. It is estimated that if everyone attended screening regularly, 83% of cervical cancer cases could be prevented.

New research from PHE shows that nearly all women eligible for screening (90%) would be likely to take a test that could help prevent cancer – and of those who have attended screening, 9 in 10 (94%) would encourage others who are worried to attend their cervical screening. Despite this, screening is at a 20-year low, with 1 in 4 eligible women (those aged 25 to 64) in the UK not attending their test.

The new PHE campaign provides practical information about how to make the test more comfortable, and gives reassurance to women, who may be fearful of finding out they have cancer, that screening is not a test for cancer.

Regular screening, which only takes a few minutes, can help stop cervical cancer before it starts, as the test identifies potentially harmful cells before they become cancerous, and ensures women get the right treatment as soon as possible.

The PHE research shows that once they have been screened, the vast majority of women feel positive about the experience, with 8 in 10 (87%) stating they are ‘glad they went’ and that they were ‘put at ease by the nurse or doctor doing the test’ (84%).

Professor Anne Mackie, Director of Screening Programmes at PHE said:

The decline in numbers getting screened for cervical cancer is a major concern as it means millions of women are missing out on a potentially life-saving test. Two women die every day in England from cervical cancer, yet it is one of the most preventable cancers if caught early.

We want to see a future generation free of cervical cancer but we will only achieve our vision if women take up their screening invitations. This is a simple test which takes just five minutes and could save your life. It’s just not worth ignoring.

Steve Brine, Public Health Minister said:

It is a tragedy that women are needlessly dying of cancer when a simple test can identify any risks early on. We hope this new campaign – the first of its kind in this country – will save lives and I am delighted to see it launch today.

Improving cancer detection and diagnosis is a core part of our Long Term Plan for the NHS, and from April, any patients with suspected cancer will begin to receive a diagnosis or the all clear within 28 days, and £200 million is being invested to fund new ways to rapidly detect and treat cancer.

Dr Dawn Harper said:

Cervical screening is one of the most important things women can do to protect themselves from the risk of cervical cancer. Screening can stop cancer before it starts and saves thousands of lives every year.

Some women are nervous or embarrassed about the test and put off having it done. While it’s not the most enjoyable experience most women say it wasn’t as bad as expected and were glad they did it.

The tests are usually done at your GP surgery by female nurses who are trained to make women feel more comfortable and talk them through the process. I cannot stress how important it is not to ignore your screening letter – it’s a five-minute test that could be lifesaving.

Christine Lampard, television presenter, said:

I can’t say I’m thrilled when my cervical screening invite is posted through my door, but I know how important it is that I get tested. It’s an awkward five minutes that could save your life!

As a mother, I will never ignore my screening invitation and when my daughter, Patsy, is old enough, I‘ll encourage her to attend her screenings too. As women we should talk positively about our bodies and the importance of cervical screening – it’s an important way to protect our health.

The campaign is also being supported by charities, including Jo’s Cervical Cancer Trust. Activity includes new advertising on TV and other channels, together with the cascade of information through GP surgeries and pharmacies.

For further information about cervical screening, please search ‘NHS Cervical Screening’ or view the NHS Cervical Screening resources.

Background

• This campaign is run with the support of NHS England and charity partners, such as Jo’s Cervical Cancer Trust, Eve Appeal and Lady Garden
• Campaign assets including the new TV advert, can be downloaded from Dropbox
• Cancer is one of the leading causes of premature death in England, accounting for over 40% of premature deaths, with an annual cost to the NHS of £5 billion. Early diagnosis of cancer and screening programmes are important parts of the NHS Long Term Plan

Publication of the government’s response to its Call for Evidence on the impact of social media on the administration of justice.

The government’s response to its Call for Evidence on the impact of social media on criminal trials (PDF, 114KB, 16 pages) has revealed that social media doesn’t currently pose a serious threat.

The Call asked for examples of trials being affected by social media commentary, and evidence of anonymity orders or reporting restrictions being breached via social media.

Individuals from across the criminal justice system, as well as members of the public, media organisations and academics were consulted and agreed that, although the risk has increased in recent years, social media does not yet pose a serious threat to the criminal justice system.

Commenting on the Call for Evidence, the Solicitor General, Robert Buckland QC MP said:

Every defendant in this country is entitled to a fair trial where a verdict is delivered based on the evidence heard in court.

We launched this Call for Evidence with the goal of discovering whether the legal process was at risk due to social media, and whether people working in the criminal justice system have the tools they need to manage that risk. I am pleased to say that our respondents reported that this risk is relatively minor, and that they are already confident that they can mitigate the risk where it does arise. We need to guard against any future proliferation of the threat, however.

Social media users must think before they post – the rules are the same as those for traditional media, and being found in contempt of court could result in a fine or up to two years in prison.

One area of concern was that some social media users are unaware of reporting restrictions and of what would constitute a breach of an anonymity order or contempt of court. Therefore, social media posts which are in contempt of court or which identify someone subject to an anonymity order are not uncommon. This has the potential to put trials at risk, as it could prejudice parties involved in the case, such as jurors, although cases where this has occurred have so far been rare.

To address these concerns, a new ‘Contempt of Court’ webpage on GOV.UK has been launched to promote the safe use of social media by clearly and accessibly explaining the risks and implications of using social media to undermine the administration of justice.

To further mitigate the risk of juries becoming prejudiced, the Judicial Office has begun work to produce new, comprehensive guidance on contempt for jurors. However, members of the judiciary reported that they are confident that they already have access to the tools necessary to mitigate the effects of prejudicial social media posts, although there was some concern about the delay that these can cause to the trial process.

Notes to editors

1. The Call for Evidence was launched in September 2017, under the previous Attorney General Jeremy Wright QC MP.
2. The Call for Evidence requested examples of active proceedings in which social media had an impact, breaches of reporting restrictions, and other thematic concerns.
3. The Contempt of Court Act 1981 provides the framework for what can be published in order to ensure that legal proceedings are fair and that the rights of those involved in them are properly protected.

The 12th annual National Apprenticeship Week launched today with the theme ‘Blaze A Trail’, inspired by our new ‘Fire It Up’ national marketing campaign