This site uses cookies to provide you with a more responsive and personalised service. By using this site you agree to our use of cookies. Please read our cookie notice for more information on the cookies we use and how to delete or block them.
The full functionality of our site is not supported on your browser version, or you may have 'compatibility mode' selected. Please turn off compatibility mode, upgrade your browser to at least Internet Explorer 9, or try using another browser such as Google Chrome or Mozilla Firefox.

Governance in focus — Cyber risk reporting in the UK

Published on: 06 Feb 2017

Cyber crime is growing more rapidly than cyber security, and organisations have never been more at risk from cyber attacks. This is our first survey of cyber reporting practices covering the full FTSE 100 and we have designed it to identify examples of good practice and offer insight to all listed companies about how to keep the users of annual reports better informed.

We looked at reporting practices in the FTSE 100 around:

  • whether companies are identifying cyber as a principal risk, how they are categorising and describing the risk and its impact;
  • cyber crime, and whether companies have reported an increase in the level of cyber risk since the prior year;
  • the clarity of explanation of activities to mitigate the risk;
  • how clearly companies describe the ownership of cyber risk, particularly at board level; and
  • disclosure of the level of specialist experience and expertise around the boardroom table.

We are confident you will find the results of our analysis stimulating. We have also included a helpful summary to enable you to identify potentially worthwhile additions to your existing reporting.

The full publication can be downloaded below.

Download

Related Topics

Correction list for hyphenation

These words serve as exceptions. Once entered, they are only hyphenated at the specified hyphenation points. Each word should be on a separate line.