Cyber risk and governance reporting in the UK

A changing landscape

We are pleased to present our fourth annual analysis of cyber opportunity, risk and governance reporting across the FTSE 100 which is designed to offer insights about how to keep the users of annual reports informed in this important area.

We have considered:

  • Do companies describe cyber risk clearly?
  • How do boards report their involvement?
  • Are mitigating activities well explained?
  • Are cyber security breaches well-described?
  • Are companies discussing opportunities?

Earlier this year the US Securities and Exchange Commission (SEC) published its Final Rule on Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure. Throughout our report we highlight some of the relevant SEC Rule requirements and how the FTSE 100 measure up based on existing reporting practices.

Did you find this useful?