Is your Board failing your business when it comes to cyber security?

We all use a myriad of technology to communicate, perform our jobs and interact with each other socially. Because of our dependence upon information and technology, cyber security is a an issue that pervades every aspect of society, from individual data protection, to the security of your businesses systems, through to nation-state cyber-espionage and cyber terror.

One of the huge problems in tackling cyber security is that technology develops faster than the security to protect it. Education and training are also still areas of concern in the fight against cyber crime. People need to understand that everyone has a role to play in protecting their information (both personally and professionally).

Businesses are under constant attack

Mandiant’s new M-Trends report (M-Trends 2015: A View from the Front Lines) concluded that “organizations should consider data breaches… a business reality”.

But many businesses are still burying their heads in the sand when it comes to cyber security. Addressing cyber security has to come from the top down, but there is still a worrying lack of input, interest or involvement from boards.

Mention cyber security to your Board – do they stare back blankly?

PWC’s 'Managing Cyber Risks in an Internconnected World – the Global State of Information Security Survey 2015 stated that:

It is incumbent upon the executive team to take ownership of cyber risk and ensure that the Board understands how the organization will defend against and respond to cyber risks.

I think we’d all agree with that. The problem the survey uncovered, however is that cyber security is still not being elevated to a Board-level issue in most cases. Gathering responses from more 9,700 C-suite executives the report found across six key areas,
the report found that 60% of Boards were not involved in most security activities:

Board involvement with security activities

In a world where the cyber attack and data breach are ubiquitous, these statistics are truly staggering. If we remind ourselves that “organizations should consider data breaches… a business reality”, then the Board really needs to pull its finger out. It’s not a case of ‘if’ – it’s a case of ‘when’ you are going to be attacked, and how you are going to respond.

Ask yourself, is your Board letting you down? Going by these statistics at least 6 on 10 are. And don’t just think it’s the businesses assets at risk, just ask all those Sony executives who had their personal emails hacked and exposed last year.

Where do you start with cyber security?

Understandably, many businesses don’t know where to start, especially those with little or no cyber security expertise. Even those that do can often find it difficult to get board buy-in for a cyber security project.

You could do a lot worse than start with the UK Government’s Cyber Essentials scheme. It was devised to help businesses of all sizes achieve a baseline of security by implementing a set of five key controls.

Benefits of implementing Cyber Essentials:

  • Protect your business from 80% of the most common cyber threats.
  • Certification demonstrates a commitment to cyber security.
  • Cyber Essentials is a prerequisite for some Government contracts.
  • Reduced your cyber insurance premiums.
  • Improve customer and stakeholder confidence.

Adoption of the scheme presents clear and tangible benefits for the board to see. It is also relatively inexpensive to implement, with our Cyber Essentials packages that can help you achieve certification to the scheme starting at just £300.

Find out more about achieving certification to the Cyber Essentials scheme >>

Cyber Essentials Certification