The Cybercrime section of PwC’s recently released Global Economic Crime Survey 2016 report highlights “the disquieting fact that too many organisations are leaving first response to their IT teams without adequate intervention or support from senior management and other key players”.
Cyber crime is now the second most reported economic crime among PwC’s respondents (jumping from fourth place last year), and is “the only economic crime to have registered an increase in that category”.
- More than one in four respondents have been affected by cyber crime.
- 18% didn’t know whether they had or not.
- 61% of CEOs are concerned about cyber security, but less than half of board members ask for “information about their organisation’s state of cyber-readiness”
- Only 37% of organisations have a cyber incident response plan
Consequences of cyber crime
Among PwC’s survey respondents, “reputational damage was considered the most damaging impact of a cyber breach”. As the report notes: “the regulatory pain and media scrutiny arising from the theft of credit cards or personally identifiable information can be vast”. So, what can be done?
Cyber security is everyone’s responsibility
PwC has “identified practices that distinguish leaders in the digital age. Chief among these is a proactive stance when it comes to cybersecurity and privacy. This necessitates that everyone in the organisation – from the board and C-suite to middle management and hourly workers – sees it as their responsibility.”
“Cybercrime is not an IT problem. If there is one lesson companies should take away from this study, it is this one.”
The best way to ensure that everyone in the organisation sees cyber security as their responsibility is to build a security culture across the entire organisation, based on international best practice.
International cyber security best practice
ISO 27001 is the international standard that sets out the requirements of an information security management system (ISMS) – a holistic approach to information security that encompasses people, processes and technology. Only by using this approach to information security can organisations hope to instil an enterprise-wide security culture.
Implementing, maintaining and continually improving an ISMS can be a daunting task, however. Fortunately, IT Governance offers a comprehensive range of flexible, practical support packages to help organisations of any size or sector, in any location, to implement an ISMS and achieve accredited certification to the Standard.