MI5 and GCHQ call for FTSE 350 cyber security clean-up
Intelligence chiefs bang drum for IT health checks, following KPMG's report on FTSE 350 security attitudes.
MI5 and GCHQ security chiefs have reportedly written to the chairmen of all the companies listed in the FTSE 350, urging them to carry out cyber security health checks.
MI5 director general, Andrew Parker, has joined forces with the director of GCHQ, Sir Iain Lobban, to encourage some of the UK's largest listed companies to take a more top-down approach to cyber security.
The firms will be encouraged to take part in a health check, according to a report in the Financial Times, that will require the company chairman and the head of its audit committee to complete an assessment of its information security protocols and procedures.
For example, the article claims FTSE 350 companies will be quizzed on how they safeguard customer data and go about protecting their own intellectual property.
Their responses will be anonymously aggregated to show how each company's approach to information security compares with that of its peers.
It is hoped this will result in the companies involved receiving some pointers on areas where they might be particularly vulnerable to attack.
The Financial Times article comes hot on the heels of a report by auditing firm KPMG, which claimed FTSE 350 companies could be putting the UK at risk because they do not take cyber security seriously enough.
The report claimed all of the UK's FTSE 350 companies have disclosed information online that could leave them vulnerable to attack by hackers.
For instance, the report claims every company listed on the FTSE 350 has leaked employee usernames, email addresses and internal file location information online, with companies in the aerospace and defence sectors among the worst offenders.
The research, carried out by KPMG's cyber response team, also revealed that 53 per cent of the FTSE 350 did not have up-to-date security software deployed.
"Our findings send out a clear message to business: while the internet may be a shop window to the world, it can also be a substantial security risk," said Martin Jordan, head of cyber response at KPMG.
"FTSE 350 companies should accept that cyber threats are real. Protecting their networks is not just about self-interest; it is about safeguarding the economy and, in the case of critical national infrastructures, it is also about the safety of the population."