
UK Cyber Pros say Boards must take responsibility for breaches

A new report from ITPro, released today, suggests a significant shift in how UK cybersecurity professionals view accountability for data breaches.

 

The research reveals that a majority of cyber experts believe that the ultimate responsibility for security and regulatory compliance should lie with the board of directors. This sentiment is heightened by the increasing number of cyberattacks on UK companies and the persistent cyber skills gap that has left many firms vulnerable.

 

The study found that a notable 56% of cyber professionals believe that senior management figures should face consequences, including fines and prosecution, for serious cybersecurity failings.

 

This stands in stark contrast to the 34% who believe the employee who breached a policy should be held responsible, and it points to a clear demand for greater leadership and strategic oversight from the top, rather than placing the blame on frontline staff.

 

The findings highlight a critical challenge in modern cyber risk management. While UK companies are under pressure to invest in new technologies and talent, the cybersecurity landscape continues to evolve at a rapid pace.

 

According to a separate report, organizations are detecting only 1 in 7 simulated attacks, indicating a serious gap in their ability to respond to and mitigate threats. The growing sentiment that a lack of board-level engagement is a primary risk factor underscores the need for a more holistic approach to security, one that views cybersecurity not as an IT problem but as a fundamental business risk.

 

The call for greater accountability at the board level is particularly relevant as the UK government continues to explore new regulations, including a ban on ransomware payments for public sector organizations.

 

These regulatory changes, combined with a severe shortage of skilled cyber professionals, place immense pressure on UK businesses to get their security strategy right.

 

Without clear, top-down direction and a genuine commitment to addressing cyber risks, UK companies will continue to be easy targets for cybercriminals.



© 2025, Lyonsdown Limited. teiss® is a registered trademark of Lyonsdown Ltd. VAT registration number: 830519543