With oversight of technological capability, opportunity and risk critical to company success, regulators are increasingly focused on how companies report cyber risk and breaches in security. The FRC’s Financial Reporting Lab published its report Digital Security Risk Disclosure in early August, and earlier this year the US Securities and Exchange Commission (SEC) also published a proposal to improve disclosure in this area.

We are pleased to present our own analysis of cyber opportunity, risk and governance reporting across the FTSE 100 which is designed to help you identify examples of good practice and offer insights about how to keep the users of annual reports informed in this important area. We last examined FTSE 100 cyber risk and governance reporting in March 2018 and we are pleased to see considerable progress in companies’ disclosures.

However, when compared to the SEC proposal on cyber reporting published March 2022 and the FRC Lab’s disclosure recommendations, it is clear more focus is needed to match the needs of investors as identified by these two market regulators.