Governance in focus — Cyber risk reporting in the UK

Published on: 06 Feb, 2017

Cyber crime is growing more rapidly than cyber security, and organisations have never been more at risk from cyber attacks. This is our first survey of cyber reporting practices covering the full FTSE 100 and we have designed it to identify examples of good practice and offer insight to all listed companies about how to keep the users of annual reports better informed.

We looked at reporting practices in the FTSE 100 around:

  • whether companies are identifying cyber as a principal risk, how they are categorising and describing the risk and its impact;
  • cyber crime, and whether companies have reported an increase in the level of cyber risk since the prior year;
  • the clarity of explanation of activities to mitigate the risk;
  • how clearly companies describe the ownership of cyber risk, particularly at board level; and
  • disclosure of the level of specialist experience and expertise around the boardroom table.

We are confident you will find the results of our analysis stimulating. We have also included a helpful summary to enable you to identify potentially worthwhile additions to your existing reporting.

The full publication can be downloaded below.


Related Topics

Correction list for hyphenation

These words serve as exceptions. Once entered, they are only hyphenated at the specified hyphenation points. Each word should be on a separate line.