A new report highlighting the scale of the cyber security and data protection challenge in the UK is warning that two in three bosses at Britain’s biggest businesses are not trained to deal with a cyber attack.
The FTSE 350 Cyber Governance Health Check is the Government’s annual report providing insight into how the UK’s biggest 350 companies deal with cyber security.
Undertaken in the wake of recent high profile cyber attacks, the survey of the UK’s biggest 350 companies found more than two thirds of boards had not received training to deal with a cyber incident (68 per cent) - despite more than half saying cyber threats were a top risk to their business (54 per cent).
One in ten FTSE 350 companies said they operate without a response plan for a cyber incident (ten per cent) and less than a third of boards receive comprehensive cyber risk information (31 per cent).
Only six per cent of businesses say they are completely prepared for new data protection rules
Minister for Digital Matt Hancock said:
“We have world leading businesses and a thriving charity sector but recent cyber attacks have shown the devastating effects of not getting our approach to cyber security right.
“These new reports show we have a long way to go until all our organisations are adopting best practice and I urge all senior executives to work with the National Cyber Security Centre and take up the Government’s advice and training.”
The reports suggest there has been progress in some areas when compared with last year’s health check, with more than half of company boards now setting out their approach to cyber risks (53 per cent up from 33 per cent) and more than half of businesses having a clear understanding of the impact of a cyber attack (57 per cent up from 49 per cent).
The Government announced a five-year National Cyber Security Strategy (NCSS) in November 2016, supported by £1.9 billion of transformational investment. This includes opening the National Cyber Security Centre and offering free online advice as well as training schemes to help businesses protect themselves.
Earlier this week, Government also announced proposals on how to help the nation’s essential industries be more resilient to cyber threats through the EU's Network and Information Security (NIS) Directive.
Separate new research looking at the cyber security of charities has also been published today.
It found charities are just as susceptible to cyber attacks as businesses, with many staff not well informed about the topic and awareness and knowledge varying considerably across different charities.
Other findings show those in charge of cyber security, especially in smaller charities, are often not proactively seeking information and relying on outsourced IT providers to deal with threats.
New Data Protection Bill to come into effect next May
The Government will soon be introducing its new Data Protection Bill to Parliament. With this coming into effect next May, implementing the General Data Protection Regulation (GDPR), the report for the first time included questions about data protection.
The FTSE 350 Cyber Governance Health Check report found:
- Awareness of GDPR was good, with almost all firms (97 per cent) aware of the new regulation
- Almost three quarters (71 per cent) of firms said they were somewhat prepared to meet the GDPR requirements, with only 6 per cent being fully prepared
- Just 13 per cent said GDPR was regularly considered by their board
- 45 per cent of Boards say they are most concerned with meeting GDPR requirements relating to an individual’s right to personal data deletion
The Information Commissioner’s Office has produced guidance for organisations on implementing the regulation, including a checklist for businesses on the actions they need to take; and a series of interactive workshops and webinars.
The FTSE 350 Cyber Governance Health Check is carried out in collaboration with the audit community, including Deloitte, EY, KPMG and PWC.
Leading business support organisation Future WaterAssociation, in partnership with Waterbriefing and the support of Water UK, has launched a major survey on the growing challenges surrounding cyber security in the water sector. Click here to have your say.
Click here for more information on the Future Water Asssociation Cyber Security workshop 27.09.2017
Waterbriefing is media partner with the 4th Annual Industrial Control Cybersecurity Europe Summit in London this September. Click here for more information
With the UK government demanding a 50% reduction in storm overflow spills by 2029, the era of reactive management is over. Speaking in the House of Commons on 21 July 2025, then environment secretary Steve Reed said, “This Government will cut water companies’ sewage pollution in half by the end of the decade.”
ERG, the leading supplier of odour control systems and industrial gas cleaning & thermal systems, has been awarded the coveted King’s Award for Enterprise.
Welsh Water’s new artificial intelligence-driven tool, ORAI, has been shortlisted for three categories at the prestigious British Data Awards 2026 – underscoring the company’s commitment to using cutting-edge technology to deliver better outcome for customers.
Barhale has completed work on two separate Rapid Action Taskforce Spills projects it is carrying out for Severn Trent.
Hear how Scottish Water has completed its £235 million Ayrshire Glasgow Resilience Project - customers across Greater Glasgow, Ayrshire and East Renfrewshire will now benefit from a more secure and resilient water supply.
Hear how United Utilities is accelerating its investment to reduce spills from storm overflows across the Northwest.
Find out more about the remarkable career opportunities on offer at WSP - scroll down to watch the inspirational video.