A Government survey of the FTSE 350 has revealed 68% of board members have not been trained to deal with cybersecurity incidents, potentially leaving their businesses in danger.
More than half of board members recognise that cyber threats are a top risk to their business but 69% of them still do not receive comprehensive information on that risk.
The Government is urging businesses to collaborate with the National Cyber Security Centre to develop methods to protect themselves from the economic effects of a successful cyberattack.
Matt Hancock MP, the minister for digital, said that recent incidents had shown “the devastating effects of not getting our approach to cyber security right” and added that the UK has “a long way to go until all our organisations are adopting best practice”.
Firms involved in energy, transport and health are now also facing multimillion-pound fines under proposals which will require them to have strong cybersecurity measures in place.
The suggested fines are aimed at preventing hackers from crippling networks, as happened earlier in the summer with NHS systems.
Speaking to Sky News, Mr Hancock said: “What matters is keeping people’s data secure and good cybersecurity.”
There are a range of good cybersecurity measures available, and Government legislation will require companies to monitor threats and detect attacks, train their staff and have quick recovery systems in place in the case of an attack.
Like the fines of up to 4% of their global turnover for companies who are found to mishandle public data, those firms involved in critical sectors face regulatory action for their lapse cybersecurity.
“The truth is this: good data security and innovative use of data go hand in hand – it’s not an either-or,” Mr Hancock said.
“Frankly, people who can do the two together will get more out of this than (those) seeing cybersecurity as something left to the IT department.”
In 2015, TalkTalk claimed that it had experienced a “significant and sustained cyberattack”, although an investigation into the incident found that a rudimentary security vulnerability was responsible.
Its share price tumbled following the attack and has still not recovered. Its reputation was damaged even further when the company was handed a record fine by the data watchdog for lapse security practices.