A coherent cyber risk management strategy, aligned with business objectives, enables organisations to mitigate cyber attacks more effectively by focusing IT spending on the right areas.
A client of IT Governance recently expressed their concerns regarding the increasing number of data breaches in the news. To reduce the likelihood of a data breach, this same client has bought several different types of anti-malware software in the hope that this will protect the organisation more effectively from cyber attacks. Has this client made the right investment in the right software, or have they wasted their money?
While technology plays an important role in protecting an organisation against cyber crime, it is not enough on its own. Organisations also need to look at the processes that drive the technology and at the people behind those processes.
Organisations are not making the right level of investment in information security
More than 40% of the 260 respondents who took part in the IT Governance Cyber Watch Survey 2013 admitted that they weren’t making the right level of investment in information security. Buying software licences is an easy way of ticking a box, but it can be expensive without resolving the issues at the core of robust, dependable information security.
The role of cyber security standards for managing IT costs
There are various standards and frameworks that can serve as guidance for managing cyber risks, but ISO27001 is considered the most robust and comprehensive.
Implementing ISO27001 – the international information security standard – can help businesses rationalise and reduce their security expenditure and the impact of cyber crime. The Case for ISO27001:2013 explains the business benefits of adopting ISO27001, including an increased ability to manage and control the costs of information security solutions.