Save the date for FCSA Forum 2024 – Tuesday July 2nd in London


Cyber security – a Board-level risk


We’ve all heard of cyber attacks and many of us have suffered the effects of them.

What most people don’t appreciate is that cyber attacks take all sorts of forms from the stereotypical geek showing off his or her talents to what Superintendent Ted Hastings would refer to as “serious and organised criminal gangs” often based offshore and sometimes state-sponsored who are in it for the money. Added to that there’s the genuine state actor, whose motives are usually more political but can still be indiscriminate.

All are equally vexatious and all can have a very serious effect on businesses and their customers. Recovering from a cyber attack of any significance can be a massive job – it’s not just a “restore from backup” operation which can be done in a couple of hours. It requires painstaking and specialist examination of every single system and every piece of hardware before they can be brought back online, or, quite often, entirely scrapped and replaced. The recovery time can range from days to many weeks depending on the complexity of the system and the depth of attack.

That’s why all businesses need to have cyber security on their Board level risk registers and take active measures to harden their systems and processes as much as possible against attack. But let’s not kid ourselves that even the strongest measures will always be 100% effective, the cyber criminals are often extremely skilled and very well funded and adapt their methods almost as quickly as the cybersecurity experts adapt theirs. That’s why we’ve partnered with Mitigo Group to bring cybersecurity expertise to all FCSA members.

That’s why today’s (6th April 2022) article in The Times by Tony Danker, Director General of the CBI, and Steve Barclay, Chancellor of the Duchy of Lancaster and No 10 chief of staff is so welcome. In the article they point out a key recommendation:-

[We] are jointly calling on businesses to work together and treat cybersecurity as a core boardroom responsibility; an equal threat to financial and other risks.

In our recent submission to Treasury, FCSA has called upon government to take action:-

FCSA recommends that a joint task group is formed as soon as is practicable formed of BEIS, Companies House, HMRC, NCA, National Cyber Security Centre, Nominet and FCSA (which now has extensive data and experience in this area) to begin to create unified rapid response protocols to deal with what is a serious threat to both service providers and individual workers.

Hopefully, the involvement of Tony Danker and Steve Barclay means that our recommendation will be heard and acted upon.