Corporate governance is failing to deal with the risk from cyber-threats, according to one of Britain’s leading intelligence chiefs.
Robert Hannigan, head of Government Communications Headquarters, or GCHQ, a major intelligence gathering centre, writes that investors do not know whether companies are looking after cyber-risk properly.
Writing in the Financial Times, Hannigan says company directors have not yet grasped the true significance of data protection.
“In boardrooms cyber security is now acknowledged as important, but is still seen as a baffling problem for IT experts to fix, or an unavoidable cost of doing business.”
He said the government has moved to beef up security by creating the National Cyber Security Centre as part of GCHQ, as well as other strategic measures to build defences at scale.
But, he adds: “…these and other more sophisticated measures will not absolve the private sector from building sensible security into their new products, their business models and their corporate governance at every level.”
Hannigan argues that company directors should stop viewing the problem as IT, but as an issue of protecting data and understanding “which data are most precious to them and how it is handled, stored and protected.”