Just 5% of FTSE 100 boards have members with either technology or cybersecurity expertise, according to a survey of annual reports from professional services firm Deloitte.
Phil Everson, head of cyber risk services at the firm, described the figure as “alarming” and called the approach to security an issue for investors.
The firm’s research, based on the most recent annual reports as of 30 September 2016, found that despite the low level of boardroom expertise, 87% of companies said that cybersecurity was a principal risk.
One in ten companies said they had created a new body or committee to take over the supervision of cybersecurity.
Everson said there was, however, a growing expectation that boards would take a role in managing security, with 10% of FTSE 100 members giving training to directors.
“With the pervasive nature of technology and the focus on cyber risk, it is alarming that only one in twenty boards disclose that they currently have board members with specialist technology or cyber background and only a handful more disclose that they have advisors to the board with this experience,” said Everson.
“This is not sustainable, but also reinforces the importance of disclosing such information to investors.”
Everson was concerned that employee action was not among the threats listed by firms in their reports.
“Company employees are, knowingly or unintentionally, the most common cause of a cyber breach.”