Cyber board level representation surges

Bridewell research finds 55% increase in cyber boardroom appointments across UK critical national infrastructure over the last 12 months.

  • Sunday, 9th June 2024 Posted 10 months ago in by Phil Alsop

Amid intensified regional conflicts, headline-grabbing cyber attacks, and the emergence of AI-driven threats, board-level representation for cyber security surged 55% in the last 12 months within the UK’s critical national infrastructure (CNI) organisations.

The figures are revealed in new research from Bridewell, which surveyed 521 staff responsible for cyber security at UK CNI organisations (encompassing civil aviation, telecommunications, energy, transport, media, financial services and water supply).

In central government, the percentage of organisations with a board-level cyber security representative increased massively – by 250% – rising from just 6% last year to 57% this year, reflecting the imperative to improve security in the face of an onslaught of attacks.

The urgency to act in central government has steadily increased as threats have grown. Attackers gained access to masses of data in a successful 2021 attack on the Electoral Commission, for example. In November last year, the National Cyber Security Centre’s annual review featured a call from the government for improved CNI cyber preparedness as threats mount, whilst further attacks on election infrastructure are likely this year ahead of next month’s general election.

Across all CNI sectors, 29% of organisations now have a Chief Information Security Officer (CISO) or person with cyber security responsibilities on their board of directors, compared with 19% last year. More than a quarter (27%) of organisations are currently bringing in such changes, and 19% plan to within the next 12 months.

The research found, for example, that in the civil aviation sector, although 37% of organisations already have a cyber security board member and 21% are in process of appointing one, 11% have no plans and cannot foresee they will ever have one, despite the obvious threats.

Anthony Young, Chief Executive Officer of Bridewell, said: “As CNI organisations grapple with a challenging and changing environment, it is very welcome to see such a significant increase in board members with responsibility for cyber security. Even if the overall level is still too low and a greater sense of urgency is required, the signs are there that cyber security is getting the recognition it needs at the top table. The increase in such appointments among central government organisations, for example, shows they are acting on their own advice that organisations must give priority to cyber concerns.

“Threats are proliferating and nation-state activity is more determined and well-resourced, aimed very specifically at our critical infrastructure organisations. Cyber security must have a voice at the top table in every organisation as part of a fully-developed strategy that includes technology, human expertise and constant vigilance.”

The research also found a very significant 89% increase in the percentage of CNI organisations that have aligned their cyber security strategy to their business objectives – up from 15% in the 2023 research to 29% this year.

All CNI organisations must ensure their business initiatives do not jeopardise cyber security. Having a senior figure on the board with cyber security as part of their job description helps ensure security awareness and best practice are embedded across the organisation.

High-profile cyberattacks highlight a recurring issue: employees are often the weakest security link.
New research from Ventrica shows that UK companies can’t afford to replace humans with AI in customer service enquiries, with an emotive experience...
Kubernetes has firmly transitioned from an emerging technology into a core part of enterprise production environments, according to a new survey from...
Findings from ‘Unlocking Growth in the Mid-Market: The Node4 Report’ point to a lack of alignment around AI investment, public cloud consumption,...

AI causes cyber resilience rethink

Posted 16 hours ago by Phil Alsop
Unveiled at the RSAC™ Conference, the 2025 LevelBlue Futures Report finds only 29% of executives are prepared for AI-powered threats, despite...

Mixed uptake of Proactive Cybersecurity

Posted 16 hours ago by Phil Alsop
Mixed uptake of Proactive Cybersecurity

4 in 10 UK CIOs warn of unrealistic board expectations

Posted 16 hours ago by Phil Alsop
A new survey commissioned by Expereo exposes the true roadblocks to UK AI plans - poor infrastructure, resistance from employees, unreasonable...
Kubernetes complexity drives surge in demand for enhanced observability tools