Amid intensified regional conflicts, headline-grabbing cyber attacks, and the emergence of AI-driven threats, board-level representation for cyber security surged 55% in the last 12 months within the UK’s critical national infrastructure (CNI) organisations.
The figures are revealed in our new CNI research, which surveyed 521 staff responsible for cyber security at UK CNI organisations (encompassing civil aviation, telecommunications, energy, transport, media, financial services and water supply).
In central government, the percentage of organisations with a board-level cyber security representative increased massively – by 250% – rising from just 6% last year to 57% this year, reflecting the imperative to improve security in the face of an onslaught of attacks.
The urgency to act in central government has steadily increased as threats have grown. Attackers gained access to masses of data in a successful 2021 attack on the Electoral Commission, for example. In November last year, the National Cyber Security Centre’s annual review featured a call from the government for improved CNI cyber preparedness as threats mount, whilst further attacks on election infrastructure are likely this year if a general election is held.
Across all CNI sectors, 29% of organisations now have a chief information security officer or person with cyber security responsibilities on their board of directors, compared with 19% last year. More than a quarter (27%) of organisations are currently bringing in such changes, and 19% plan to within the next 12 months.
The research found, for example, that in the civil aviation sector, although 37% of organisations already have a cyber security board member and 21% are in process of appointing one, 11% have no plans and cannot foresee they will ever have one, despite the obvious threats.
Our research also found a very significant 89% increase in the percentage of CNI organisations that have aligned their cyber security strategy to their business objectives – up from 15% in the 2023 research to 29% this year.
All CNI organisations must ensure their business initiatives do not jeopardise cyber security. Having a senior figure on the board with cyber security as part of their job description helps ensure security awareness and best practice are embedded across the organisation.