Regulation

Digital security risk disclosures insufficient, FRC finds

The FRC said companies can improve disclosures by focusing on aspects of strategy, governance, risk and events

The Financial Report Council (FRC) has found that disclosures of digital security risks are not meeting investor needs effectively, and said companies need to improve to address this.

According to the FRC, companies often provide “limited useful information” on digital security and don’t connect to the wider strategic direction of the business or respond “sufficiently” to geo-political or cyber events. 

The FRC Lab (Lab) published  the report to help companies improve the disclosure of digital security strategies, risks, and governance, and said companies can improve disclosures by focusing on aspects of strategy, governance, risk and events.

The Lab report also provides details about how to optimise disclosure for investors, and includes practical examples of developing practice.

The FRC added that with the continued digitisation of the economy, digital security risk is increasingly becoming fundamental for an investor’s understanding of a business.

Mark Babington, FRC executive director of Regulatory Standards, said:  “Every company is now digital, so providing useful, relevant and focused disclosure on digital security is critical. Investors need transparency in this area, and this report provides a key resource for companies looking to achieve this.”

Matt Warman MP, digital minister, added: “We’re investing £2.6bn through our National Cyber Strategy to make our digital economy more secure. But as this report shows, businesses can do more to bolster their online defences and improve transparency and reporting around cyber security.

“There is help available so I urge firms to follow NCSC guidance on strengthening their cyber security capabilities so they are in the best position to protect themselves and their customers.”

Show More
Back to top button
[class^="wpforms-"]
[class^="wpforms-"]