The survey of FTSE 350 firms found that whilst 61 per cent of board members claimed they understood their company’s key information and data assets and 55 per cent saying they understood the danger of losing data, there was little evidence of follow through. Two in three directors have  rarely or never reviewed their company’s risk management policies whilst just 39 per cent of board members saw cyber risk as an operational risk when comparing it to other threats companies face. 

Due diligence

However, there was in increase in firms conducting third party pre-contract due diligence as well as a rise in the number of firms inserting contract clauses in order to deal with suppliers and cyber risk.