IoD: Businesses not taking cyber security seriously enough

According to The Institute of Directors (IoD), UK businesses “are not taking cyber security seriously enough” and there is “a worrying gap between awareness of the risks and business preparedness.”

A new IoD report, Cyber Security – Underpinning the digital economy, surveyed nearly 1,000 IoD members and found that even though almost half (49%) of attacks resulted in interruptions to business operations and 11% caused financial losses, only 28% of cyber attacks were reported to the police.

“…cyber security is no longer just about the protection of technology, it is also the protection of ourselves in our digital environment…”

91% of respondents claimed that cyber security was important to their organisation, but only 57% said they had a formal cyber/information security strategy and fewer than half of respondents (49%) said they provided cyber security awareness training for staff.

“The threats we see today are at an all-time high in terms of sophistication and volume and these variables will only increase…”

The scale of the cyber threat should not be underestimated, either. 72% of respondents reported that they had received bogus invoices, demonstrating the extent to which social engineering attacks are spreading, but only 49% of respondents said they provided cyber security awareness training for staff.

“…every board or business owner has a responsibility to manage its own risk profile and act accordingly…”

The report’s author, Professor Richard Benham, said:

“Cybercrime is one of the biggest business challenges of our generation and companies need to get real about the financial and reputational damage it can inflict. The spate of recent high-profile attacks has spooked employers of all sizes and it is vital to turn this awareness into action. Customers and partners expect the businesses they deal with to get it right.

“As attacks become more prevalent and increasingly sophisticated, businesses need to defend themselves, know how to limit damage, and be ready to respond quickly and comprehensively when the inevitable happens. No shop-owner would think twice about phoning the police if they were broken into, yet for some reason, businesses don’t seem to think a cyber breach warrants the same response.

“Our report shows that cyber must stop being treated as the domain of the IT department and should be a boardroom priority. Businesses need to develop a cyber security policy, educate their staff, review supplier contracts and think about cyber insurance.”

Using international standards to protect your business

ISO 27001 is the international standard for an information security management system (ISMS), a risk-based approach to information security that covers everything in your organisation that might put you at risk – people, processes and technology.

“…businesses expect other businesses to get it right, and a failure to do so will be seen as a dereliction of duty…”

Accredited certification to the Standard is recognised the world over as the hallmark of best-practice information security, which is why thousands of organisations, including governments, now require their supply chains to achieve ISO 27001 certification.

Help towards ISO 27001 certification

Achieving certification to the Standard can be a complicated and time-consuming undertaking: organisations must provide documented evidence of their compliance with ISO 27001, which in the case of larger or more complex businesses can mean that you need to create thousands of pages of documentation. This is where IT Governance’s ISO 27001:2013 ISMS Documentation Toolkit can help.

Created by expert ISO 27001 practitioners, and enhanced by ten years of customer feedback and continual improvement, it provides all of the ISMS documents you need in order to comply with ISO 27001, including 11 policies, 66 procedures, 24 work instructions and 36 records acceptable for your ISO 27001 certification audit, plus an Information Security Manual and additional guidance.

All document templates can be customised to suit your company’s needs with a single click.


And if you order before 25 March 2016, you’ll get a free cyber security gap analysis tool to help you benchmark your organisation’s current information security posture against ISO 27001.

All you need to do is use the voucher code

