Security researchers at Rapid7 have found that 88% of FTSE 250+ organisations have insufficient anti-phishing defences (i.e. DMARC) in the public email configuration of their primary email domains.
The finding is part of their third Industry Cyber-Exposure Report (ICER) examining the overall exposure of the companies listed in the FTSE 250 index.
The report also found that:
- FTSE 250 companies are, on average, exposing a public attack surface of 35 servers/devices, with many companies exposing over 1,000 systems/devices
- SSL/TLS security is not enforced on the primary websites of 19% of FTSE 250+ organisations
- organisations in every sector have serious issues with patch/version management of business-critical internet-facing systems
The vast majority of organisations in the UK rely on digital technology to function. Good cyber security protects that ability to function and ensures organisations can exploit the opportunities that technology brings.
Boards must understand that cyber risk should be managed in the same way as any other business risk, such as physical security or financial risks.