FRC Lab publishes report on digital security risk disclosures

by News Desk on August 21, 2022

Boards need to move beyond a ‘boilerplate and overly static’ approach to digital risk disclosures, advises the Financial Reporting Council.

The FRC Lab’s Digital Security Risk Disclosure report provides practical advice to companies making disclosures in respect of digital security strategies, risk and governance. The report reiterates the “fundamental” importance of management of digital security risk, and highlights the need to provide sufficient information to assist stakeholders in assessing a company’s ongoing viability and resilience against cyber, data and other digital threats. It reminds companies of recent high-profile cyber and data incidents and the landscape of increased geopolitical tensions.

The report found that, whilst many FTSE 350 companies report on digital risk (often disclosing cyber risks), such disclosures tended to reflect an approach described as “boilerplate and overly static”, thereby falling short of the level of disclosure required by stakeholders to make informed assessments.

To improve disclosures, the report makes a number of practical recommendations on how to make useful and material ‘core’ and ‘enhanced’ disclosures, falling into the following broad categories:

Strategy

• Provide the context for digital security and strategy and its importance to a company’s broader strategy and business model and ability to generate value;
• Indicate how external trends associated with digital security and strategy are integrated into the company’s approach; and
• Link digital security and strategy disclosure to the company’s broader strategy.

Governance

• Link the governance of digital transformation and security risks to strategy and risk appetite;
• Show how the board and its committees have oversight of these risks. This may also include who within the company has ownership of specific risks, and the access they have to senior leaders;
• Explain what a company has done to foster a digital security (or cybersecurity) culture; and
• Outline the relevant skills of the board and assurance obtained.

Risk

• Link the digital security and strategy risks to strategic objectives and risk appetite;
• Consider the actions and activities taken to mitigate risk and how risks have evolved;
• Provide information about the risk and mitigations at the right level of granularity; and
• Connect digital security and strategy with disclosures on viability and resilience.

Events

• Provide information about the actions taken and events themselves; and
• Help stakeholders to understand the effectiveness of a company’s response and how lessons learned from the event will be, or have been, incorporated into changes to relevant structures and processes.

The report also sets out some practical examples of useful disclosures made under each of the four categories by reference to an ‘example bank’. However, the report also notes that its practical examples and recommendations should not be treated as a disclosure checklist, as not all risk disclosures apply to each company. The FRC reminds companies that a tailored and considered approach, providing disclosures which are material and relevant for the company and its stakeholders, should be applied.

Next steps:

Internal reporting and risk teams should refer to the practical examples and useful resources provided in the report and consider how internal reporting lines and processes may need to be updated or improved in order to provide valuable disclosures to stakeholders on management of cyber, data and digital risks and threats.

Review existing communication and escalation channels and consider to what degree these channels are functioning effectively, including how effectively the company’s digital security strategy is communicated throughout the company and whether that strategy is adequately implemented and monitored.

Further information:

Click here for a copy of FRC Lab Report: Digital Security Risk Disclosure 

This article was produced in association with White & Case UK’s Public Company Advisory team. Read their original alert here.
