Boards Need To Step Up Or Risk Cybersecurity Fines

Protecting companies against the threat of cyber attacks used to be something that the IT department would be tasked with. Leaving tech to the tech experts seemed to make perfect sense. So long as the Board had appointed the right people for their job, many Board members felt their work was done, aside perhaps from hearing the occasional update from the IT department manager. 

What would be the point of interfering in matters that may be outside of their areas of expertise, after all? Let tech deal with tech, to free the Board up for more pressing matters.

The Daily Threat Of Cyber Attacks

But now, cyber attacks are not distant threats that happen to other organisations; they’re a daily reality, and no company is safe, regardless of their industry or size. A survey by the UK Government revealed that in 2022, 39% of UK businesses identified a cyber-attack. Out of the organisations who had reported attacks, 31% of businesses and 26% of charities estimated they were attacked at least once a week.

Fines - Insult To Injury Or Just Desserts?

On top of the sheer number of attacks, the costs to businesses can be staggering.  According to CISCO, data breaches are likely to cost, on average, 20% of a company’s turnover. There is also the high likelihood of businesses being hit with a substantial fine. Insult to injury? Perhaps, but when a Board has failed to take adequate preventative measures to safeguard their customer data, a fine may be viewed as appropriate punishment. A vital lesson in standing up and taking responsibility.

What Can The Board Do? 

If the recent £4.4m fine imposed on Interserve by the ICO has taught companies anything, it should be that understanding cybersecurity risks and investing in all the right technology is simply not enough to protect themselves from receiving a hefty fine. 

Like many firms, Interserve wasn’t ignorant to the real threat of an attack, nor was it reluctant to put the right tech in place. Where they failed was monitoring that tech and taking action when suspicious activity was flagged. They fell at the final hurdle and that cost them - big time.

Remaining resilient to the ever-evolving threats of cyber-attack requires a robust strategy driven by the Board that is constantly maintained and monitored. To put it simply, firms without watertight cyber resilience strategies are risking everything.

What is certain is that more eye-watering fines will continue to hit the headlines. 

There is a tendency for Boards to think that once they’ve invested in cybersecurity tech, they’ve done their job. This is a dangerous assumption. The vital part in a successful cyber strategy, which is still missing in all too many companies, is a security operations centre (SOC) service - experts who know how to monitor the tech, interpret the data and what to do when an alert is flagged.
 
Having all the tools but lacking a SOC service is only going halfway to protecting your organisation - which, in today’s cyber threat environment, isn’t nearly far enough. A SOC service provided by a trustworthy and reliable supplier means the difference between resilience and total vulnerability.”

Delivering Competitive Advantage

The Financial Times published the results of a survey by MIT Sloan and Proofpoint, a California cybersecurity company, which showed that Board members’ biggest fears on encountering a cyber attack, were data being made public, reputational damage and revenue loss

All these fears are well-founded, but what about the potentially devastating effects of being fined? Not to mention the cost of cyber insurance after a fine has been imposed. And then there’s losing out to competitors - many organisations are now refusing to work with partners who do not have a SOC service in place, as it means their data is vulnerable.

We have customers who came to us because they knew their cyber-attack resilience was weak and it was causing them to lose sleep. Having a SOC service in place gives Board members enormous reassurance that they’re doing everything they can to mitigate an attack - and can prove it if the ICO ever does come knocking.

Rob Demain is CEO & Founder of e2e-assure

You Might Also Read: 

How Do You Solve A Problem Like The Cyber Security Skills Gap?:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« US Strategy Will Allow Hacking Criminal & Foreign Networks 
Choose the best web application firewall for you »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

aizoOn Technology Consulting

aizoOn Technology Consulting

aizoOn is a technology consulting company offering a range of services including IoT & embedded security, mobile security, cybersecurity assessments, risk & compliance, network monitoring and more.

Duane Morris LLP

Duane Morris LLP

Duane Morris is a global law firm with offices in the USA, UK and Asia. Practice areas include Cybersecurity.

European Council on Foreign Relations (ECFR)

European Council on Foreign Relations (ECFR)

ECFR is a pan-European think-tank conducting research and promote informed debate on European foreign policy. Cyber security is becoming an intrinsic element of foreign policy debate.

Australian Information Security Association (AISA)

Australian Information Security Association (AISA)

AISA champions the development of a robust information security sector by building professional capacity and advancing the cyber security of the public, business and governments in Australia.

Maryman & Associates

Maryman & Associates

Maryman & Associates are specialists in computer forensic investigations, incident response and e-discovery services.

PCI Compliance Guide

PCI Compliance Guide

The PCI Compliance Guide is one of the leading educational websites available focused exclusively on PCI compliance.

Security Brokers

Security Brokers

Security Brokers focus services and solutions with a focus on strategic ICT Security and Cyber Defense issues.

BigID

BigID

BigID is redefining personal data protection and privacy. BigID software helps companies secure their customer data & satisfy privacy regulations like GDPR.

ECOS Technology

ECOS Technology

ECOS Technology specializes in the development and sale of IT solutions for high-security remote access as well as the management of certificates and smart cards.

IUCC Cyber Unit - Israel

IUCC Cyber Unit - Israel

IUCC Cyber Unit safeguards Israel’s National Research & Education Network (NREN).

NFIR

NFIR

NFIR is a specialist in the field of cyber security incident response and digital forensics.

National Cybersecurity Preparedness Consortium (NCPC)

National Cybersecurity Preparedness Consortium (NCPC)

The mission of the NCPC is to provide research-based, cybersecurity-related training, exercises and technical assistance to local jurisdictions, counties, states and the private sector.

Consortium for Information & Software Quality (CISQ)

Consortium for Information & Software Quality (CISQ)

The mission of CISQ is to develop international standards for software quality and to promote the development and sustainment of secure, reliable, and trustworthy software.

SignalSEC

SignalSEC

SignalSEC provides vulnerability intelligence, malware analysis, penetration testing and associated training services.

Scrut Automation

Scrut Automation

Scrut Automation's mission is to make compliance less painful and time consuming, so that businesses can focus on running their business.

SEK Security Ecosystem Knowledge

SEK Security Ecosystem Knowledge

SEK helps companies in the complex path of cybersecurity; in the analysis, detection and prevention of digital threats.