Cyber Security trends and variations in the FTSE 350
Cyber security is an essential component of ESG due to its significant impact on both the environmental and social aspects of sustainable business practices.
By prioritising cyber security within the ESG framework, organisations can mitigate risks, build resilience and uphold their commitment to safeguarding the environment and societal well-being.
Analysis of cyber security trends within the FTSE 350 reveals variations across the index. There has, for example, been an 18% increase in mentions of the term 'cyber security' in the most recent FTSE 100 reports. This indicates a heightened focus on addressing data risks and a growing awareness of the threat of cyber-attacks among FTSE 100 businesses, demonstrating their commitment to safeguarding sensitive information and systems.
On the other hand, the FTSE 250 experienced a smaller increase in cyber security statements, with a margin of only 2%. While this suggests that cyber security remains a concern for businesses within the FTSE 250, the level of emphasis may not be as pronounced as that of their FTSE 100 counterparts.
It is, however, important to note that even with this smaller increase, cyber security remains on the radar of FTSE 250 companies, indicating their recognition of the importance of protecting against cyber threats.
Furthermore, within the sub-sectors of the FTSE 350, there are variations in the attention given to cyber security. The consumer goods sector, together with leisure & hospitality, shows an increase in cyber security mentions. Retail, however, shows a decrease, suggesting potentially differing priorities or reporting practices within this specific sub-sector.
The FTSE 100 increased mentions of ‘cyber security’ in their annual reports by 18%
Expert comment
“Cyber resilience is crucial because it's not just about surviving but thriving in the face of digital threats. Cyber attacks can disrupt operations, damage reputations, and incur significant financial losses. A resilient business can anticipate, withstand, recover from, and evolve to improve following these kinds of very real disruptions. Resilience is the backbone of a strong business strategy, and it's essential to enable businesses to operate confidently and securely.
“In 2024, the primary cyber security risk stems from the escalating sophistication of AI-aided attacks. Generative AI tools are being weaponised to improve phishing scams – which has been the biggest cyber-threat for some years and remains so – misinformation campaigns, and the creation of deep fake voices and videos.
“‘Hacking’ of online accounts due to weak, re-used or phished passwords is also a top risk affecting any business with an online presence. These methods are causing considerable damage, reputational and financial.
“The misuse of AI in cybercrime is growing, and we can expect more businesses to fall victim to these attacks. Cybercriminals are utilising AI to create more convincing scams in any language and generate realistic fake voices and videos. The simplicity and lucrative nature of these attacks mean they're likely to increase.
“Remote working can expose businesses to greater risk, as employees may lack immediate support and guidance from more experienced colleagues and are more prone to clicking on malicious links or being conned into sharing sensitive information. New entrants to the workplace, particularly Millennials and Gen-Z, are markedly more susceptible to phishing attacks, which further exacerbates the risk.
“Businesses need to adopt a comprehensive risk-based approach to cybersecurity, which includes protection, detection, response, recovery, and continuous learning. It's essential to instil a culture prioritising cyber hygiene and ensure cybersecurity measures are understood and practiced at every level of the organisation. Employing cybersecurity professionals is a necessity.
“Never underestimate the importance of ongoing education. Regular training can keep all employees, regardless of their role, up to date with the latest cyber threats and defensive tactics. Cyber-risk is a business risk affecting every employee. Fostering a culture of good security awareness across the business, top to bottom, as well as implementing good technical cyber-hygiene controls as a minimum, is essential to stay ahead of the threats.
“In an age where digital transformation is at the heart of business operations, cybersecurity is no longer a choice but a critical necessity. The rise of cyber threats, as indicated in the 'Beyond Words' report, is a stark reminder that businesses must act decisively and urgently. Every business, irrespective of size or sector, is a potential target. The true costs of a breach are not only financial but can also cause irreparable damage to brand reputation and customer trust. I cannot overstate the importance of implementing robust, risk-based cybersecurity frameworks to protect your business. The time to act is now. Delaying or underestimating the importance of cybersecurity could have severe consequences.”
Graham Thomson
Chief Information Security Officer, Irwin Mitchell