UK firms boost board-level cyber security roles by 55%

New research reveals a notable increase in board-level representation for cyber security in the UK, particularly within the country’s critical national infrastructure (CNI) sectors. A study conducted by cyber security firm Bridewell has exposed a 55% surge in such appointments over the past year.

The analysis, which included responses from 521 staff responsible for cyber security at CNI organisations—encompassing civil aviation, telecommunications, energy, transport, media, financial services, and water supply—indicates a growing recognition of the importance of cyber security at the upper echelons of corporate governance.

Central government organisations have demonstrated the most significant climb in cyber security boardroom representation, with the percentage skyrocketing from 6% last year to 57% this year. This monumental 250% increase reflects a heightened need to bolster security in response to escalating cyber threats. Notably, the urgency to enhance security measures has been amplified by attacks such as the successful breach of the Electoral Commission in 2021 and ongoing concerns regarding election infrastructure security.

Within the broader context of CNI sectors, the research shows that 29% of organisations now have a Chief Information Security Officer (CISO) or an equivalent role at the board level, up from 19% last year. Additionally, over a quarter (27%) are currently in the process of integrating such changes, and 19% plan to do so in the next 12 months.

In the civil aviation sector, 37% of organisations have already appointed a cyber security board member, with another 21% in the process of doing so. However, 11% still report no plans to introduce this role despite the evident risks posed by cyber threats.

Anthony Young, Chief Executive Officer of Bridewell, commented on the findings: “As CNI organisations grapple with a challenging and changing environment, it is very welcome to see such a significant increase in board members with responsibility for cyber security. Even if the overall level is still too low and a greater sense of urgency is required, the signs are there that cyber security is getting the recognition it needs at the top table.”

Young further emphasised the gravity of the situation: “Threats are proliferating and nation-state activity is more determined and well-resourced, aimed very specifically at our critical infrastructure organisations. Cyber security must have a voice at the top table in every organisation as part of a fully-developed strategy that includes technology, human expertise, and constant vigilance.”

The research also revealed an 89% increase in the percentage of CNI organisations that have aligned their cyber security strategies with their business objectives, rising from 15% in 2023 to 29% this year. This alignment ensures that business initiatives do not compromise cyber security. Appointing a senior figure to the board responsible for cyber security helps embed awareness and best practices across the organisation.

The findings from Bridewell serve as a critical reminder of the evolving cybersecurity landscape and the need for organisations to proactively address these challenges by integrating cybersecurity into their governance structures. With increased board-level representation, UK CNI organisations are taking necessary steps to safeguard against advanced and persistent threats. However, more work remains to be done to achieve comprehensive cyber resilience.