An overwhelming (80%) of respondents indicated that they have put a cyber incident response in place with over 2/3rds indicating they have completed an incident response exercise on the last 12 months. This has probably contributed to the significant increase in respondents (65% versus 56% in 2024) feeling they are well prepared to manage a cyber incident effectively. This percentage was significantly higher for larger companies. Despite over half of respondents indicating they feel well informed about the cyber risks and exposures facing their organisation, cybersecurity and data privacy were still ranked within the top three of where the board feels more time is needed.
