Wavestone, a global transformation consultancy firm, has launched the results of its largest global cybersecurity maturity study to date.
In a rapidly moving marketplace, Wavestone set out to determine the cybersecurity maturity posture of 260 companies listed on the marketplaces where the firm is present, (FTSE 100, Dow Jones, CAC 40, BEL 20, SMI, HIS) by analysing the annual reports and registration documents, published as at 1 June 2019.
The firm developed the Wavestone Global Cyber Maturity Index to assess key indicators including risks, governance, regulation and protection measures. This index, scored out of 20, is based on 14 criteria, which indicate a strong cybersecurity maturity.
The results of this unique study provides a global overview of the declared level of maturity of companies and its evolution, based on key aspects: involvement of executive committees, investments in cybersecurity and Data Privacy.
The study revealed that 90% of companies are acting on cybersecurity, yet the level companies are acting on cybersecurity varies considerably.
Privacy is high on the agenda
One year after GDPR was implemented, it is no surprise that privacy is the subject matter of the year, with 80% mentioning GDPR, privacy or personal data protection (71% FTSE100, 100% CAC40 and 87% Dow Jones).
Companies are developing innovation, but not building cybersecurity into these plans
Of the 143 companies implementing innovative projects in AI, IoT, Blockchain and 5G, only 8% mention these technologies in the context of cybersecurity. This raises a question of how seriously security is being considered in emerging technology. Wavestone calls for cybersecurity to be a core element of innovative technology projects.
Key observations of the UK market
The UK obtained a maturity score of 9.09, positioned third behind the US Dow Jones (10.15) and France CAC40 (10.07).
87% of FTSE100 companies acknowledge that they face cybersecurity risks and over a third of these companies specifically contextualise these risks in relation to their business. This demonstrates a strong understanding of cybersecurity, as these businesses understand what impact these risks could have on their operations.
Addressing the topic at an Executive Committee level is a strong indication of high cybersecurity maturity. 61% of FTSE 100 companies (vs 50% France CAC40 and 83% Dow Jones) addresses the question of cybersecurity at an executive committee level, with 26% having an active participant in cybersecurity on the Executive Board (vs 12.5% France CAC40 and 10% Dow Jones).
The UK scored lower than the leading scoring countries on the topic of Privacy, with 71% of companies mentioning GDPR, privacy or personal data protection. (87% US Dow Jones and 100% France CAC40). France is one of the strongest advocates of data privacy in Europe, therefore this figure is expected to be high. In the US, there has been a great deal of attention placed on the topic of data privacy, as Facebook was subject to a high-profile data breech. This could influence companies position on privacy and the need to address this.
Head of Cybersecurity, Wavestone UK, Florian Pouchet comments: “Whilst the FTSE100’s overall performance trails the US and France, the UK stands out with the highest commitment to investment (91% vs 86% globally) with over half of this being structured and coordinated effort, as it aims to become the safest place to live and do business online.”
Read the full UK survey here.