Research and analysis

Cyber Governance Health Check 2018

This report details how FTSE 350 companies are managing their cyber security risks.



The annual FTSE 350 Cyber Governance Health Check assesses and reports on cyber security risk management in the UK’s 350 largest firms (the “FTSE 350”.) For its fifth iteration, the Department for Digital, Culture, Media and Sport (DCMS) worked with Deloitte, EY, KPMG and PwC to deliver the 2018 Cyber Health Check.

The research was carried out in October and November 2018, with the final report published in March 2019.

The results

You can read the press notice summarising the results of the health check here.

The report sets out how the boards of the UK’s biggest firms must do more to be cyber aware. Many boards still don’t fully understand the potential impact of a cyber attack. The report shows that less than a fifth (16%) of boards have a comprehensive understanding of the impact of loss or disruption associated with cyber threats. This is despite almost all (96%) having a cyber security strategy in place. Additionally, although the majority of businesses (95%) do have a cyber security incident response plan, only around half (57%) actually test them on a regular basis.

The main report (see above) also includes an infographic summary of the key results.


Insights from the health check inform the Government’s policy on cyber security and contribute to improving the guidance offered to industry. The results of previous surveys have directly fed into key pieces of guidance and support provided to boards by the National Cyber Security Centre. This year’s survey has helped to shape the forthcoming Board Toolkit, which will help to better equip boards in their engagement with cyber risk.

Winning Moves, an independent data-driven consultancy organisation, hosted the online survey, analysed responses and prepared the interactive, confidential benchmark reports which have been made available to participating companies. The Government does not have access to any company-identifiable data.

Benchmarking reports

If your organisation participated in this year’s survey, you can access your individual company benchmarking report here.

Previous publications

Cyber Governance Health Check 2017 (published August 2017)

Cyber Governance Health Check 2015/16 (published May 2016)

Cyber Governance Health Check 2014 (published Jan 2015)

Cyber Governance Health Check 2013 (published Nov 2013)

These reports are part of the Government’s National Cyber Security Strategy which aims to make the UK the safest place to live and do business online.

Published 1 October 2018
Last updated 5 March 2019 + show all updates
  1. The page has been updated to include the Cyber Health Check report, which was published on 5 March 2019.
  2. First published.