How Boards Should Deal with Cyber Threats (£)


Given the links between customer/client relationships, IT, press relations and commercial finance, businesses must give more time and thought to their online assets and how they are affected by cyber threats and a lack of market research.

Most businesses, last year and this, have been affected by cyber-attacks, and the costs now often run into the hundreds of thousands of pounds for each business over the £10 million turnover scale, with others still being severely affected.

But more than half of the larger businesses (over £10 million) and 70% of small businesses (below £10m) have proper cyber-hack insurance cover. Yet last year, 2015, around 85% of UK businesses were hacked, and the costs doubled from the previous year, 2014.

The amount of time the issue is now taking up has grown significantly and requires a clear strategy and planning cycle that should be briefly but accurately reported to the board at least once a month. 

There is still a real requirement for cyber understanding to be clearly given to Board members, and each should have specific knowledge of the systems that the business is using, their age and capability, and the potential issues that occur with system functions and connections.

However, security and insurance are certainly not the only major issues: there should be continued cyber presentations and education available to the Board and employees. This should include the obvious areas of concern, the use of personal computers and the security links used to access the systems. Discussion should also take place about education and about improving employees' IT knowledge, understanding and use for their particular jobs.

There is also a real need to appreciate how, in this new environment, the market, jobs and competition are changing the way they analyse and use cyber to understand and compete in changing global marketplaces.

Do you have a clear and improving strategic and diagrammatic plan of the systems that are used and accessed by your business and employees? And do you have a plan for a response to a hack attack?

According to research undertaken for CSI more than 70% of Directors reported that their Boards were discussing cyber security and that this was a significant improvement on previous years. 

In the US, 47 states have laws requiring that businesses give notice to individuals affected by a security breach. Massachusetts has laws that require businesses handling personal information to implement a comprehensive written information security programme aimed at ensuring security is in place for employee training and regular information security programme audits.

The EU General Data Protection Regulation (GDPR), effective 25 May 2018, will require that businesses provide “sufficient guarantees to implement appropriate technical and organizational measures” to protect the personal data of their customers and employees, including encryption of personal data and implementing a process for regularly testing, assessing and evaluating the effectiveness of security measures. In Canada, Germany, Israel and South Korea, information security rules also apply.

But in many parts of the world these security measures are not easy to implement: what typically appear to be quite sensible measures are in practice often complex to implement and impossible to guarantee.

Conclusions

Cyber security is no longer solely an IT issue. The Board must be cyber educated and aware of the business issues and actions. They should also be aware of, and be using, the opportunities that cyber analysis offers to different parts of business planning and implementation.

Businesses and organisations must be aware of these risks and security requirements but they should also take notice of the opportunities that cyber analysis offers to their marketing, product development and sales areas.

For the Board and management, the concern should be protecting customer and employee data, financial records and valuable intellectual property. But because no cyber security programme is perfect, more realistic goals are to ensure that systems checks/audits irregularly take place, that implementation of legal/government obligations has taken place in a timely way, and that the process is operationally defensible.
