Cyber Threats Reach the Board
The Government has warned that hacking and cyber-attacks are increasing at a scale not previously seen and pose a persistent threat to both business survival and national security. In letters sent to the Chairs and CEOs of the UK’s largest companies earlier this month, ministers urged boards to treat cyber-security as a fundamental business risk rather than a technical issue.
Speaking at the Corporation of City of the London’s annual City Dinner, the Financial Conduct Authority’s Chief Executive, Nikhil Rathi, cautioned that Britain is not ready for the way cyber-attacks could damage companies and markets, and called on the financial sector to do more to support the UK’s defence and resilience effort. “Security is bound up with the FCA’s duty to protect and enhance the integrity of our financial system,” he said. “Conflict today hits balance sheets, funding, markets and consumers as much as any battlefield. And we are not prepared, tactically or strategically.”
These warnings come amid a growing list of high-profile cyber-attacks. In April, M&S’s cyber incident forced online operations offline and disrupted sales across the business for several weeks, offering a stark reminder of how cyber-attacks can quickly translate into commercial and reputational damage. More recently, Jaguar Land Rover was hit by a cyber-attack that shut down its IT network and halted production at key UK plants, sending shockwaves through its supply chain.
They underline a hard truth that must shape all boardroom conversations across sectors: a cyber-attack is not a matter of if, but when.
For business leaders, the question can no longer simply be how to prevent a cyber-attack, but how the business performs when the inevitable happens. The real test will be reputational, a measure of competence, control and communication under pressure. Not long ago, leaving a file or laptop on a bus would cause huge reputational damage to a company and attract little sympathy; today, the threshold of judgment has shifted. Companies that respond quickly, manage stakeholders effectively and demonstrate a well-rehearsed plan will retain trust. Those that prepare thoroughly are no longer blamed for being targeted; they are judged on how they respond when it matters most.
Every company should now have dedicated cyber-incident project team and advisers ready, a tested playbook, and clear stakeholder protocols in place. In this new era of constant threat, the message is clear: an organisation will be judged not on whether it can avoid an attack, but on how ready it is to withstand one.
If you would like to explore what these developments mean for your business and how best to prepare your board, get in touch via hello@5654.co.uk.