Press Release

UK Boardrooms broadly unaware of business impact related to increasingly capable cyber threats

The UK government has to continue to communicate with boardrooms to help them understand cyber threats.

“The UK government has to continue to communicate with boardrooms to help them understand increasingly capable cyber threats and the different options available to mitigate the likely financial impact,” says Alex Fidgen from MWR InfoSecurity.

The company issued the comment following the publication of the FT-ICSA survey results which reported that nearly 80% of the boardrooms polled had not actively discussed, or seen, the UK Government’s guidance on tackling cybercrime.

Fidgen agreed with the survey that most UK boardrooms overlook the impact of potential IT security incidents and said: “Unless businesses start to calculate the value of the data they hold, and directly map this to the systems and networks on which it is stored and transmitted, they will always incorrectly align any security expenditure. It will not only be a waste of resources, they will be protecting the wrong assets or data locations.”

He added: “This happens because the appropriate security standards can only be decided and implemented if the business and IT areas communicate seamlessly, and traditionally this does not happen. Coupled with an increasingly capable number of foreign states who are routinely using cyber attacks to steal information or disrupt business, calculating the business impact is steadily becoming more important when communicating to a board the need to mitigate such risk.”

The attacks are becoming incredibly sophisticated in terms of the number of organisations targeted. Information is being taken from each and pieced together to provide the final goal for the attacker.

Fidgen said: “Before disregarding any attacker’s interest in an organisation, it is necessary to understand that whilst the information directly relevant to that company might not be of interest, the data they hold about their partners or clients could be the end target.”

He added: “It is a very complicated picture, but the end impact to a business can be substantial. The UK Government realises this, as do a growing number of large enterprise businesses. However, this number is still low, as supported by the survey results. This awareness within board rooms has to change if we are to protect information critical to the future profitability of key business.”


