MI5 and GCHQ call for FTSE 350 cyber security clean-up

MI5 and GCHQ security chiefs have reportedly written to the chairmen of all the companies listed in the FTSE 350, urging them to carry out cyber security health checks.

MI5 director general, Andrew Parker, has joined forces with the director of GCHQ, Sir Iain Lobban, to encourage some of the UK's largest listed companies to take a more top-down approach to cyber security.

The firms will be encouraged to take part in a health check, according to a report in the Financial Times, that will require the company chairman and the head of its audit committee to complete an assessment of its information security protocols and procedures.

For example, the article claims FTSE 350 companies will be quizzed on how they safeguard customer data and go about protecting their own intellectual property.

Their responses will be anonymously aggregated to see how well each company's approach to information security compares with what its peers are doing.

It is hoped this will result in the companies involved receiving some pointers on areas where they might be particularly vulnerable to attack.

The Financial Times article comes hot on the heels of a report by auditing firm KPMG, which claimed FTSE 350 companies could be putting the UK at risk because they do not take cyber security seriously enough.

The report claimed all of the UK's FTSE 350 companies have disclosed information online that could leave them vulnerable to attack by hackers.

For instance, the report claims every company listed on the FTSE 350 has leaked employee usernames, email addresses and internal file location information online, with companies in the aerospace and defence sectors among the worst offenders.

The research, carried out by KPMG's cyber response team, also revealed that 53 per cent of the FTSE 350 did not have up-to-date security software deployed.

"Our findings send out a clear message to business: while the internet may be a shop window to the world, it can also be a substantial security risk," said Martin Jordan, head of cyber response at KPMG.

"FTSE 350 companies should accept that cyber threats are real. Protecting their networks is not just about self-interest; it is about safeguarding the economy and, in the case of critical national infrastructures, it is also about the safety of the population."

Caroline Donnelly is the news and analysis editor of IT Pro and its sister site Cloud Pro, and covers general news, as well as the storage, security, public sector, cloud and Microsoft beats. Caroline has been a member of the IT Pro/Cloud Pro team since March 2012, and has previously worked as a reporter at several B2B publications, including UK channel magazine CRN, and as features writer for local weekly newspaper, The Slough and Windsor Observer. She studied Medical Biochemistry at the University of Leicester and completed a Postgraduate Diploma in Magazine Journalism at PMA Training in 2006.