Press releases

Deloitte comments on DCMS Cyber Breaches Survey 2017

21 August 2017

Phill Everson, head of cyber risk services at Deloitte, said:
“This year’s report marks a clear improvement in board level awareness of cyber risks and their impacts, driven in large part by high profile, cross-sector incidents. There is still some way to go, though, as the findings show that many boards still do not have a defined role to lead a company-wide response. This corroborates with recent Deloitte analysis of FTSE 100 annual reports, which found that just 5% disclose having a board member with specialist technology or cyber experience.

“As well as greater awareness of the financial and reputational impact of a cyber breach, preparedness is also key to a successful response. From May next year, cyber breaches will have to be reported within 72 hours under General Data Protection Regulation (GDPR). This is significantly sooner than the period that many companies have historically alerted customers, which often runs into many months. As hackers become increasingly more sophisticated, companies will have to ensure that staff training and technology stays ahead of the evolving cyber threat to respond in a timely and effective manner.”

Peter Gooch, cyber risk partner and GDPR lead at Deloitte, said:
“A key addition to this year’s report focusses on the GDPR and how FTSE 350 organisations assess their readiness. The standout figure – that only 6% of organisations believe they are completely prepared for their new obligations – indicates the amount of work still to be done. With less than a year to go before the regulation is in force, there is clearly a need to address this. Many boards will need to commit resources and time to focus on GDPR activities.”


Note to editors

About Deloitte
In this press release references to “Deloitte” are references to one or more of Deloitte Touche Tohmatsu Limited (“DTTL”) a UK private company limited by guarantee, and its network of member firms, each of which is a legally separate and independent entity. Please see for a detailed description of the legal structure of DTTL and its member firms.

Deloitte LLP is a subsidiary of Deloitte NWE LLP, which is a member firm of DTTL, and is among the UK's leading professional services firms.

The information contained in this press release is correct at the time of going to press.

For more information, please visit

Member of Deloitte Touche Tohmatsu Limited.

Did you find this useful?