Skip to content

24 June, 2025

  • Saved Articles
  • My Account
  • Subscribe
  • Log In
  • Log Out

Board Agenda

  • Governance
  • Strategy
  • Risk
  • Ethics
  • News
  • Insight
    • Categories

      • View all
      • Governance
      • Strategy
      • Risk
      • Ethics
      • Board Expertise
      • finance
      • Technology
    • long-term stewardship

      Stewardship strategies

      In times of uncertainty and growing risk complexity, boards need to evolve beyond stability. Here...

    • clear cyber risk

      UK companies face a clear cyber risk

      Boards need a laser focus on digital risks—and the UK needs stronger audit, governance and...

    • public markets

      How can we boost public markets?

      Growing companies need adequate liquidity, together with smart regulation and corporate governance that is not...

  • Comment
      • View all
    • clear cyber risk

      UK companies face a clear cyber risk

      Boards need a laser focus on digital risks—and the UK needs stronger audit, governance and...

    • Warren Buffett CEO succession: what boards can learn from Warren Buffett

      The billionaire investor is handing the reins to Greg Abel, after a long, strategic succession...

    • gender pay gap Act now to close the gender pay gap

      This month, it is 55 years since the Equal Pay Act, yet pay inequality persists....

  • Interviews
      • View All Interviews
      • Podcasts
      • Webinars
    • UK Corporate Governance Code Board meetings ‘are not up to scratch’

      Nearly three-quarters of board members believe the board’s performance in meetings needs improvement, an expert...

    • financial sanctions Tariffs chaos drives boardroom focus on resilience

      Business leaders will prioritise the resilience of their organisations in the face of economic upheaval...

    • ai boards Corporate world has a ‘huge appetite’ for artificial intelligence

      AI could change boardrooms to the extent that directors’ duties would change too, a panel...

  • Board Careers
  • Resource Centre
      • White Paper Downloads
      • Book Reviews
      • Board Advisory & Corporate Services
    • Korn Ferry CHRO 2025 (Copy)

      On The Highwire: Being a CHRO in 2025

      Korn Ferry surveyed 750 senior HR leaders (including 450 CHROs) to understand their key priorities...

    • Boardroom Bellwether CGI 2025 cover

      Boardroom Bellwether 2025

      Boardroom Bellwether is the annual survey by The Chartered Governance Institute UK & Ireland (CGIUKI),...

    • ACCA sustainability reporting 2025 cover

      Sustainability reporting: risk and materiality 2025

      ACCA’s sustainability guide takes a practical approach to helping businesses with sustainability reporting.

  • Events
  • Search by topic
    • Governance
    • Strategy
    • Risk
    • Ethics
    • Regulation
    • ESG
    • Investor Relations
    • Careers
    • Board Expertise
    • finance
    • Technology

Are you serious about cybersecurity?

by Richard Brinson

Artificial intelligence chatbot hackers are just the latest in a long list of cyber threats, which are not going away any time soon.

cybersecurity chatbot

Image: Idol Design/Shutterstock.com

The threat of companies being hit by a cyber-attack is increasing dramatically. Global cyber-attacks soared by 38% in 2022 compared with the previous year, while there were 2.4m instances of recorded cybercrime across all businesses in the UK in the last 12 months—with the real number probably higher.

One estimate by Cybersecurity Ventures puts the global cost of cybercrime as reaching £8.4trn annually by 2025: if it was measured as a country, cybercrime would be the world’s third largest economy after the US and China.

If its cost was measured as a country, cybercrime would be the world’s third largest economy after the US and China.

The ways in which hackers are breaking into systems are getting more guileful, too. In September, British security chiefs warned of fresh threats where companies integrate artificial intelligence (AI) chatbots into their systems due to their susceptibility to manipulation and cyber risks. The new research by the National Cyber Security Centre outlines how hackers can trick AI-powered chatbots into performing unauthorised actions, such as making fraudulent payments or corrupting confidential data.

This just makes it all the more important that UK companies take the cybercrime threat seriously. Yet a new research report that our team at Savanti has just produced by interviewing senior business leaders, including those in FTSE 100 companies, shows that many boards are struggling to understand how to manage cyber risk effectively and combat cybercrime, putting them at increased risk of crippling costs such as ransoms running into millions of pounds, litigation and reputational damage. In fact, one estimate finds that six in 10 directors say their company is ineffective in even understanding the risks.

Steps for the board to take

First, cybersecurity is often merely filed under ‘any other business’ at board meetings, when given the increasing high risks of a cyber-attack, it should be discussed more often—at least on a quarterly basis.

Our research also found many businesses are ‘cyber-lite’, in that their boards have little to no representation of directors with data and cybersecurity experience. It’s second nature to have finance and HR representation at board level because of their importance across the business yet, despite the increasing risk of cyber-attack, knowledge of cyber issues is, at best, under-represented and, at worst, ignored. Having at least one board member with direct experience of cybersecurity issues would increase board capability.

History shows us that SEC rulings have a habit of becoming the de facto standard for good governance.

Finally, those businesses who do improve their board governance on cybersecurity are likely to get ahead of the curve. In July, the Securities and Exchange Commission (SEC)—the US agency comparable to the UK’s Financial Conduct Authority—issued a ruling requiring companies to describe their management oversight of cyber and their processes for the assessment, identification, and management of material cyber risks, as well as to report material incidents within a specified timeframe and standard reporting framework. The SEC also requires these companies to describe their board oversight of cyber risks.

History shows us that SEC rulings have a habit of becoming the de facto standard for good governance, meaning the ripple effect is likely to be considerable. Indeed, the SEC joins a growing list of regulators acting in this space, including the EU’s NIS2 Directive on network and information security, Australia’s Critical Infrastructure Act and Norway’s Security Act.

It’s highly likely more countries will follow suit. That could include the UK too, but even if doesn’t, the international reach of cybercrime means UK businesses will need to up their game.

More regulation on the way

My prediction is that more cyber regulation will emerge in the coming years in the UK and Europe that will eclipse the GDPR reporting rules—such as disclosing all material incidents, not just those that relate to personal information, to the relevant public authorities. So boards should act now.

Our report also highlights research from MIT, which found that enterprises with digitally savvy, cyber-engaged executive teams have significantly higher revenue growth, valuations and net margins. It found that effective cybersecurity also brings many top line benefits, including greater success rates when tendering for new clients, improved data insights, investor confidence and maintenance of shareholder value during mergers and acquisitions.

In short, while cyber threats may be increasing, so are the opportunities for those businesses who take action to improve their board governance of the issue.

Richard Brinson is CEO of cybersecurity consultancy Savanti

  • Facebook
  • Twitter
  • Google+
  • LinkedIn
  • Mail

Related Posts

  • Cyber criminals chase ransomware insurance money
    April 18, 2023
    ransomware insurance

    Specialist ransomware criminals are investigating victims’ insurance capacity—sometimes by blatantly asking companies outright.

  • Experts urge vigilance on cybersecurity amid Russian invasion of Ukraine
    February 28, 2022
    Russian flag in code

    UK and US cybersecurity agencies are among the specialists recommending that companies "bolster their defences" against cyber attacks.

  • Technology, cyber risk and ESG top list of business leaders' concerns
    June 8, 2022
    Digital code on skycrapers

    Mazars survey reveals 82% of executives plan to increase investment in IT systems, while 75% plan to boost spending on sustainability.

  • Home front: how digitalisation is moving cybersecurity boundaries
    October 20, 2021
    Man working remotely

    The pressure for digital transformation in the wake of Covid-19 is creating new cybersecurity challenges and responsibilities.

Search


Follow Us

Register Free

Stay in the know! Register to access the latest governance news; plus receive updates about our events and podcasts – Sign up here

 

Most Popular

Featured Resources

wef global risks 2025

The Global Risks Report 2025

The 20th edition of the Global Risks Report reveals an increasingly fractured global...
Supply chain management cover

Strategic Oversight in Supply Chain Management: A Guide for Corporate Boards 2025

Supply chains have become complex, interdependent and opaque and—according to research...
OB-Cyber-Security

Cyber Security: What Boards Need to Know

Maintaining firewalls, protecting servers and filtering malicious emails rarely make...

The IA’S Principles Of Remuneration 2024 2025

This guidance from the Investment Association is aimed at assisting remuneration...
Diligent 2024 leadership tech cover

Leadership, decision-making & the role of technology: Business survey 2024

This research report by Board Agenda and Diligent sheds light on how board directors...

Director Reference Guide: Navigating Conflict in the Boardroom

The 'Director Reference Guide' on navigating conflict in the boardroom provides practical...
Nasdaq 2024 governance report cover

Nasdaq 2024 Global Governance Pulse

This Nasdaq survey gathered data from more than 870 board members, executives, and...

Becoming a non-executive director (4th edition)

Board composition is the subject of much debate, while the role of the non-executive...
art & science brainloop new cover

The Art & Science of Creating an Effective Board

Boards are coming under more scrutiny and pressure than ever before from regulators,...
SAA First time NED guide

First Time Guide for Non-Executive Directors

The role of the non-executive director has never been more vital: to advise, support,...

Register Free

Stay in the know! Register to access the latest governance news; plus receive updates about our events and podcasts. Register


  • Editors & Contributors
  • Editorial Advisory Board
  • Board Advisory & Corporate Services
  • Media Marketing Solutions
  • Contact Us
  • About Us
  • Board Director Network
  • Terms & Conditions
  • Privacy Policy
  • Cookies
|

Copyright © 2025 Questor Media Group Ltd.

  • Terms & Conditions
  • Privacy Policy
  • Sitemap