74% of organisations were hit by a cyber attack in 2014

Did you know that 74% of organisations were hit by a successful cyber attack in 2014?¹

And here’s another bit of trivia: the cost of cyber crime to large organisations in the UK has increased 97% since 2012.²

I think you’ll agree that the odds of being struck down by a cyber attack are clearly stacked against the average organisation, and massively in favour of the bad guys.

Some other recent findings¹:

  • Phishing, malware, and zero-day attacks were cited as the biggest concerns.
  • Low security awareness among employees is the greatest inhibitor to defending against cyber risk, followed closely by lack of security budget.
  • Fewer than 40% of organisations conduct full-network active vulnerability scans more than once per quarter.
  • Only 23% of respondents are confident their organisations have made adequate investments to monitor the activities of privileged users.

How to tackle this problem

The most effective way to develop a response to cyber crime is to learn from international best practice. ISO 27001 is the international standard for managing cyber security risk.

  • ISO 27001 helps structure an organisation’s cyber defences to give the board, shareholders and customers peace of mind.
  • Many governments and private sector companies globally now require their suppliers to provide evidence that they have implemented ISO 27001 at tender and/or contract award stage.

Why cyber security measures aren’t enough

Most companies already have a number of cyber security measures in place, such as policies, practices, procedures, work instructions and technologies. What companies without an effective, ISO 27001-supported ISMS often lack is a process for identifying whether or not those measures are adequate or sufficient for their particular risk environment.

How ISO 27001 works

  • ISO 27001 is technology-neutral and vendor-agnostic;
  • It sets out the specification for implementing a best-practice information security management system (ISMS);
  • An ISMS enables the business to perform better, with risk-mitigating controls selected on the basis of the organisation’s risk environment and risk appetite;
  • The ISMS is a holistic management system that enables a business to manage data security in relation to technology, as well as its people and processes;
  • An ISO 27001-aligned ISMS is based on a comprehensive risk assessment and requires leadership commitment and company-wide involvement;
  • ISO 27001 requires a process of continual improvement, thereby ensuring the organisation keeps up to date with evolving cyber threats.

Find out how to reduce your organisation’s cyber risk with ISO 27001 now.

Sources:

¹2015 Cyber Threat Defence Report (US and Europe)

²2015 Ponemon Institute Cost of Cyber Crime Report (UK)
