
Is your company taking enough accountability on cyber security?

60% of organisations have had at least one serious security incident this year


Every modern organisation knows that cybersecurity is a hot topic. From high profile breaches in the news to increased investment in security talent across industries, there's little doubt that companies need to wake up to the risks of cybercrime.

But this doesn't always translate into action on a day-to-day level, and it's unclear just how many businesses are taking enough accountability on cybersecurity.

Socrates Coudounaris, Chairman of the Institute of Risk Management, said in the organisation's 2019 Risk Predictions: "The impact of current macro trends and risks, such as cybersecurity, AI and Brexit in the UK will continue to put pressure on, and potentially change, entire business sectors."

"Leaders who think critically about the future, anticipate disruption to their sectors, while building resilience and agility in their models, will be in a better position to tackle a challenging risk environment in 2019 and thrive." 


With businesses in the UK suffering one cyber attack every minute, business and security leaders need to step up to ensure their organisations are resilient, as well as educating employees and putting adequate security measures in place.


Whose responsibility is it?

Primarily, setting your risk appetite is about determining how much risk your company is willing to accept while still comfortably achieving business objectives. All of this depends on the nature of said objectives, as well as the size and complexity of the organisation as a whole.

Some losses may be deemed acceptable, while others too costly.

Division of this accountability is key, and should be split between the CEO, CISO and CRO to ensure business objectives and risk are balanced in accordance with goals and priorities across the entire organisation. Security takes resources, and they have to come from somewhere.

This also ties into the concerns companies have in relation to risk management, with reputation loss coming out top in a cyber risk survey from RSA. Perhaps a less tangible problem than business interruption or breach of customer information - second and third, respectively - a hit to reputation can have potentially devastating long-term consequences that are more difficult to measure.

Understandably then, the focus of most organisations is on external threats, but attention must also be paid to the internal risks that could similarly harm the business. Many of these can be unintentional and the result of human error, but they can be equally dangerous if not properly managed.

The growing importance of data security

Data security is gaining prominence among security professionals due to the stream of sensitive or confidential data breaches continuing to make headlines.

Industry consensus attributes the number of high-profile breaches to the growth in the use of cloud services, which presents a problem: the cloud is predicted to continue its upward trajectory, meaning a continued spread of vulnerabilities.


According to research conducted by Forrester, only 29% of security leaders would agree they understand the strengths of their security program and, crucially, the areas in which they can improve. This should be a major cause for concern: if vulnerabilities are not known, they cannot be addressed, giving way to damaging data breaches.

Further, the introduction of legislation like the GDPR has exacerbated the threat of breaches, with eye-watering fines dealt for breaching compliance regulations. In fact, a German housing giant was recently fined £12.5 million.


Here, the cost of failing to comply can be rivalled by the internal expenditure undertaken to initially achieve compliance, with Forrester's research revealing 34% of security leaders struggle to meet and sustain compliance requirements. Solid data security practices will help organisations achieve their compliance targets, or at least help to reduce the gap.

IT and business leaders should make it a priority to establish secure data management strategies and protocols. This will reduce the risk of a data breach, and will be a good opportunity to ensure compliance with data protection and handling regulations.

How often should cyber risk be reviewed?

Cyber risk is not a fixed, unmoving thing, and shouldn't be treated as such. Determining a company's risk appetite, then, should be an ongoing process that is continuously reviewed. 60% of medium and large businesses have reported having a cyber security breach or attack in the past 12 months, according to gov.uk's Cyber Security Breaches Survey 2019. This is down on previous years, but the businesses that have identified attacks are experiencing more of them.

There does appear to be an uptick in accountability amongst companies, with 58% of large firms giving their board cyber security updates at least monthly. But a reported 26% of large businesses still don't have a formal cyber security policy, which leaves them open to a serious cyber attack, data loss and more.

Determining cyber risk appetite has never been more important, and business leaders must work to bring these discussions into board meetings with more frequency. As the cybercrime world evolves, so too must its potential victims.
