Is your company taking enough accountability on cyber security?

60% of organisations have had at least one serious security incident this year

Every modern organisation knows that cybersecurity is a hot topic. From high-profile breaches in the news to increased investment in security talent across industries, there's little doubt that companies need to wake up to the risks of cybercrime.

But this doesn't always translate into action on a day-to-day level, and it's unclear just how many businesses are taking enough accountability on cybersecurity.

Socrates Coudounaris, Chairman of the Institute of Risk Management, said in the organisation's 2019 Risk Predictions: "The impact of current macro trends and risks, such as cybersecurity, AI and Brexit in the UK will continue to put pressure on, and potentially change, entire business sectors."

"Leaders who think critically about the future, anticipate disruption to their sectors, while building resilience and agility in their models, will be in a better position to tackle a challenging risk environment in 2019 and thrive." 

With businesses in the UK suffering one cyber attack every minute, businesses and security leaders need to step up to ensure their organisations are resilient, educate employees and put adequate security measures in place.

Whose responsibility is it?

Primarily, setting your risk appetite is about determining how much risk your company is willing to accept while still comfortably achieving business objectives. All of this depends on the nature of said objectives, as well as the size and complexity of the organisation as a whole.

Some losses may be deemed acceptable, while others are too costly.

Division of this accountability is key, and should be split between the CEO, CISO and CRO to ensure business objectives and risk are balanced in accordance with goals and priorities across the entire organisation. Security takes resources, and they have to come from somewhere.

This also ties into the concerns companies have in relation to risk management, with reputation loss coming out top in a cyber risk survey from RSA. Perhaps a less tangible problem than business interruption or breach of customer information - second and third, respectively - a hit to reputation can have potentially devastating long-term consequences that are more difficult to measure.

Understandably, then, the focus of most organisations is on external threats, but attention must also be paid to the internal risks that could similarly harm the business. Many of these are unintentional and the result of human error, but they can be equally dangerous if not properly managed.

The growing importance of data security

Data security is gaining prominence among security professionals due to the stream of sensitive or confidential data breaches continuing to make headlines.

Industry consensus attributes the number of high-profile breaches to the growth in the use of cloud services, which presents a problem: the cloud is predicted to continue its upward trajectory, meaning a continued spread of vulnerabilities.

According to research conducted by Forrester, only 29% of security leaders would agree they understand the strengths of their security program and, crucially, the areas in which they can improve. This should be a major cause for concern: if vulnerabilities are not known they cannot be addressed, giving way to damaging data breaches.

Further, the introduction of legislation like the GDPR has exacerbated the threat of breaches, with eye-watering fines dealt for breaching compliance regulations. In fact, a German housing giant was recently fined £12.5 million.

Here, the cost of failing to comply can be rivalled by the internal expenditure undertaken to initially achieve compliance, with Forrester's research revealing 34% of security leaders struggle to meet and sustain compliance requirements. Solid data security practices will help organisations achieve their compliance targets, or at least help to reduce the gap.

IT and business leaders should make it a priority to establish secure data management strategies and protocols. This will reduce the risk of a data breach, and will be a good opportunity to ensure compliance with data protection and handling regulations.

How often should cyber risk be reviewed?

Cyber risk is not a fixed, unmoving thing, and shouldn't be treated as such. Determining a company's risk appetite, then, should be an ongoing process that is continuously reviewed. 60% of medium and large businesses have reported having a cyber security breach or attack in the past 12 months, according to gov.uk's Cyber Security Breaches Survey 2019. This is down on previous years, but the businesses that have identified attacks are experiencing more of them.

There does appear to be an uptick in accountability amongst companies, with the boards of 58% of large firms receiving cyber security updates at least monthly. But a reported 26% of large businesses still don't have a formal cyber security policy, which leaves them open to a serious cyber attack, data loss and more.

Determining cyber risk appetite has never been more important, and business leaders must work to bring these discussions into board meetings with more frequency. As the cybercrime world evolves, so too must its potential victims.
