1920-x-500-Cyber-Board-Level

Cyber Board Level Representation Surges Amid Intensified Regional Conflicts, Headline-Grabbing Cyber Attacks, and AI-Driven Threats

  1. Home
  2. Insights
  3. News
  4. Cyber Board Level Representation Surges Amid Intensified Regional Conflicts, Headline-Grabbing Cyber Attacks, and AI-Driven Threats
Published 6 June 2024

Amid intensified regional conflicts, headline-grabbing cyber attacks, and the emergence of AI-driven threats, board-level representation for cyber security surged 55% in the last 12 months within the UK’s critical national infrastructure (CNI) organisations. 

The figures are revealed in our new CNI research, which surveyed 521 staff responsible for cyber security at UK CNI organisations (encompassing civil aviation, telecommunications, energy, transport, media, financial services and water supply). 

In central government, the percentage of organisations with a board-level cyber security representative increased massively – by 250% – rising from just 6% last year to 57% this year, reflecting the imperative to improve security in the face of an onslaught of attacks. 

The urgency to act in central government has steadily increased as threats have grown. Attackers gained access to masses of data in a successful 2021 attack on the Electoral Commission, for example. In November last year, the National Cyber Security Centre’s annual review featured a call from the government for improved CNI cyber preparedness as threats mount, whilst further attacks on election infrastructure are likely this year if a general election is held.    

Across all CNI sectors, 29% of organisations now have a chief information security officer or person with cyber security responsibilities on their board of directors, compared with 19% last year. More than a quarter (27%) of organisations are currently bringing in such changes, and 19% plan to within the next 12 months.  

The research found, for example, that in the civil aviation sector, although 37% of organisations already have a cyber security board member and 21% are in process of appointing one, 11% have no plans and cannot foresee they will ever have one, despite the obvious threats.  

Anthony Young, Chief Executive Officer of Bridewell, said: “As CNI organisations grapple with a challenging and changing environment, it is very welcome to see such a significant increase in board members with responsibility for cyber security. Even if the overall level is still too low and a greater sense of urgency is required, the signs are there that cyber security is getting the recognition it needs at the top table. The increase in such appointments among central government organisations, for example, shows they are acting on their own advice that organisations must give priority to cyber concerns.  

“Threats are proliferating and nation-state activity is more determined and well-resourced, aimed very specifically at our critical infrastructure organisations. Cyber security must have a voice at the top table in every organisation as part of a fully-developed strategy that includes technology, human expertise and constant vigilance.” 

Our research also found a very significant 89% increase in the percentage of CNI organisations that have aligned their cyber security strategy to their business objectives – up from 15% in the 2023 research to 29% this year. 

All CNI organisations must ensure their business initiatives do not jeopardise cyber security. Having a senior figure on the board with cyber security as part of their job description helps ensure security awareness and best practice are embedded across the organisation. 

 

Bridewell logo Alternative text
Author
Bridewell
Insights by Bridewell