Nearly 90 per cent of CEOs still neglecting cyber risk

• Main boards still passing cyber buck to CTOs
• NCC Group launches Cyber Security Committee Toolkit

Just 13 per cent of CEOs in the UK take responsibility for cyber risk in their business, according to new research commissioned by NCC Group.

The risk mitigation and cyber security expert appointed ComRes to survey 200 UK board directors on their attitudes to cyber security. A similarly low 13 per cent said the managing director was responsible while 9 per cent named the financial director. A resounding 52% of businesses still left the CTO and CIO to shoulder the responsibility.

Rob Cotton, CEO at NCC Group, said: “Boards continue to pass the cyber buck by delegating accountability to technical leads like CIOs and CTOs. Cyber security is the responsibility of the CEO and the main board as it is the most significant issue facing businesses today.

“I believe that all listed companies should have a board-led Cyber Security Committee, especially when you consider the results of the recent FTSE 350 Cyber Governance Health Check* report which found that 67 per cent of boards did not understand their appetite for cyber risk. This is despite the fact that the threat of being hacked or having valuable data stolen is growing at a seemingly unstoppable pace.”

“To address this we have created a Cyber Security Committee, and as CEO, I personally sit on the committee and assess the performance of the Group’s internal security and defences, reporting back on a monthly basis.”

To help promote board level ownership, NCC Group has developed a Cyber Security Committee Toolkit which contains documentation to help other companies launch their own committees, such as terms of reference and sample meeting agendas.

Cotton continued: “Boards fully discuss, report and become expert on accounting policies, health & safety, CSR and executive remuneration, however, this is not the case with a company’s most valuable assets: its data and information. It’s time to take control and be proactive.

“We’d welcome discussion with any company looking to set up a Cyber Security Committee.”

The Toolkit can be downloaded from the Group’s website:



Media contact: Lucy Giles @ MC2 – 0161 236 1352

About the survey

NCC Group commissioned leading consultancy ComRes to carry out the research detailed in this paper.

ComRes interviewed 200 board directors at UK companies with 500+ employees between 24 August 2016 and 15 September 2016.

Full data tables may be viewed at:

A more detailed breakdown of the statistics in the release can be found below:

Question: Who is accountable, or would be accountable, for the Board-level management of cyber-security in your organisation?


  • CTO: 29%
  • CIO: 23%
  • CEO: 13%
  • MD: 13%
  • FD: 9%
  • Chief Risk Officer: 5%
  • Chairman: 4%
  • Marketing director: 2%

About NCC Group

NCC Group is a FTSE 250 listed global expert in cyber security and risk mitigation, working with businesses to protect their brand, value and reputation against the ever-evolving threat landscape.
With our knowledge, experience and global footprint, we are best placed to help businesses identify, assess, mitigate & respond to the risks they face.
We are passionate about making the Internet safer and revolutionising the way in which organisations think about cyber security.
Headquartered in Manchester, UK, with over 35 offices across the world, NCC Group employs more than 2,000 people and is a trusted advisor to 15,000 clients worldwide.

Published date:  15 November 2016
