The UK leads Europe in terms of cyber resilience, ahead of France and Germany, according to a report by Diligent Institute and Bitsight.
The investigation found that companies with a specialized risk committee or audit committee achieve better cybersecurity performance than those without either, with scores of 710 and 650 respectively.
All UK companies included in the report had an audit committee, while the region also had the second highest number of specialist risk committees, found in just under half of the companies surveyed.
The authors said these figures are reflected in the UK's average security rating, which was the fourth highest of the countries analysed, around 690 out of 900. This put the UK ahead of countries such as France, Japan and Germany, but slightly behind Australia (700), the United States (710) and Canada (710).
Highly regulated industries, such as healthcare and financial services, were found to have the highest cybersecurity ratings.
The report concluded that companies with advanced cybersecurity performance generate 372% higher shareholder returns, compared to their peers with basic cybersecurity performance.
“Cybersecurity is no longer simply about mitigating risk, it is now a key indicator of financial performance,” said Homaira Akbari, CEO of AKnowledge Partners and Bitsight advisory board member.
“Companies must treat cybersecurity as a cornerstone of their business strategy, guided by clear and ambitious benchmarks and backed by the full support of their boards.”
The average total shareholder return of companies with advanced security performance ratings over a five- and three-year period was 71% and 67%, respectively, while companies in the basic performance range earned only 37% and 14%.
Companies with a greater number of independent directors are more likely to have advanced security ratings, as are companies with specialized risk committees.
“These findings show that cybersecurity is not just an IT issue: it is a business risk that has a material impact on the short-term performance and long-term health of a company and that management and the board of directors must be aware of,” said Keith Fenner, senior vice president and general manager of EMEA at Diligent.
“With the UK’s cybersecurity threat and governance landscapes becoming more sophisticated and complex, now is the time for boards and leaders to develop their competency around cyber risk.”
Security imbalance persists in smaller companies
The UK healthcare sector had the highest average security rating overall, 730. Of the companies with advanced security performance ratings, 33% came from the financial services sector, with an average rating of 720.
By comparison, only a quarter of companies with basic security performance ratings came from the industrial sector, while the sector with the lowest overall performance rating was the communications sector at 630.
But while medium and large businesses surveyed for this report showed a strong security posture, the same cannot be said for smaller UK businesses. A recent government-led survey of enterprise security capabilities found that many UK businesses struggle to adapt to security threats.
The report noted that smaller companies are focusing primarily on reaction and response, rather than preventive measures, while medium-sized companies are finding it difficult to keep pace with advances in cybersecurity.