Is your company taking enough accountability on cyber security?

60% of organisations have had at least one serious security incident this year


Every modern organisation knows that cybersecurity is a hot topic. From high profile breaches in the news to increased investment in security talent across industries, there's little doubt that companies need to wake up to the risks of cybercrime.

But this doesn't always translate into action on a day-to-day level, and it's unclear just how many businesses are taking enough accountability on cybersecurity.

Socrates Coudounaris, Chairman of the Institute of Risk Management, said in the organisation's 2019 Risk Predictions: "The impact of current macro trends and risks, such as cybersecurity, AI and Brexit in the UK will continue to put pressure on, and potentially change, entire business sectors."

"Leaders who think critically about the future, anticipate disruption to their sectors, while building resilience and agility in their models, will be in a better position to tackle a challenging risk environment in 2019 and thrive." 


With businesses in the UK suffering one cyber attack every minute, businesses and security leaders need to step up to ensure their organisations are resilient, educate employees and put adequate security measures in place.

Whose responsibility is it?

Primarily, setting your risk appetite is about determining how much risk your company is willing to accept while still comfortably achieving business objectives. All of this depends on the nature of said objectives, as well as the size and complexity of the organisation as a whole.

Some losses may be deemed acceptable, while others too costly.

Division of this accountability is key, and should be split between the CEO, CISO and CRO to ensure business objectives and risk are balanced in accordance with goals and priorities across the entire organisation. Security takes resources, and they have to come from somewhere.

This also ties into the concerns companies have in relation to risk management, with reputation loss coming out top in a cyber risk survey from RSA. Perhaps a less tangible problem than business interruption or breach of customer information - second and third, respectively - a hit to reputation can have potentially devastating long-term consequences that are more difficult to measure.

Understandably, then, the focus of most organisations is on external threats, but attention must also be paid to the internal risks that could similarly harm the business. Many of these can be unintentional and the result of human error, but they can be equally dangerous if not properly managed.

The growing importance of data security

A breach of sensitive or confidential data was the primary issue among security professionals according to a survey from Osterman Research, with 68% citing it as a major concern. This concern will have grown significantly over the past two years with the growth in use of cloud services, as well as a number of high-profile breaches and the threat of fines from legislation like the GDPR.

In fact, since GDPR was introduced a year ago, almost 60,000 data breaches have been reported across Europe.

A recent survey from Oracle has found that less than half of IT teams are confident that their organisation's data is secure. This should be a major cause for concern, given the implications for businesses of a data breach. 

IT and business leaders should make it a priority to establish secure data management strategies and protocols. This will reduce the risk of a data breach, and will be a good opportunity to ensure compliance with data protection and handling regulations. 

How often should cyber risk be reviewed?

Cyber risk is not a fixed, unmoving thing, and shouldn't be treated as such. Determining a company's risk appetite, then, should be an ongoing process that is continuously reviewed. 60% of medium and large businesses have reported having a cyber security breach or attack in the past 12 months, according to the Cyber Security Breaches Survey 2019. This is down on previous years, but the ones that have identified attacks are experiencing more of them.


There does appear to be an uptick in accountability amongst companies, with the boards of 58% of large firms receiving cyber security updates at least monthly. But a reported 26% of large businesses still don't have a formal cyber security policy, which leaves them open to a serious cyber attack, data loss and more.


Determining cyber risk appetite has never been more important, and business leaders must work to bring these discussions into board meetings with more frequency. As the cybercrime world evolves, so too must its potential victims.
