The 5 biggest information security concerns facing organisations

When implementing defences to keep data secure, organisations should rightly put a lot of effort into preventing external actors from penetrating them, but as the 2018 BCI Horizon Scan Report reminds us, there are many other things to prepare for.

The report asked more than 650 respondents about the most significant threats facing their organisation and the steps they are taking to mitigate them. According to the respondents, the biggest concerns are:

  5. Adverse weather

Bad weather can severely disrupt your organisation, with anything from strong winds to heavy snow potentially leading to downtime. Its unpredictability makes it even more frustrating, but evaluating your landscape means you can assess the likelihood of certain weather events and plan for them accordingly.

  4. Interruption to utility supply

If your organisation’s water, gas or electricity is compromised, your business operations will probably be affected. Without power, your systems won’t run, and you wouldn’t expect your employees to work if you didn’t have running water.

There’s also the threat of physical damage. An electrical problem or burst water or sewage pipe could damage your building and infrastructure, making it unsafe. In that event, you’d have to close off part or all of your office until the issue was resolved.

  3. Unplanned IT and telecom outages

Organisations should be prepared for the possibility that their technology might simply stop working. Systems crash, files are lost and documents go missing. When the problem isn’t immediately obvious, you’ll need to halt or limit the amount of work that can be done until you find out what’s wrong.

  2. Data breach

Organisations can lose data in any number of ways. Cyber attacks are the most reported form of data breach, but malicious insiders and employee negligence pose a significant risk – and in some industries, they are the biggest risk.

No matter who breaches an organisation, it is typically because of a lack of technological defences and poor information security policies (or a failure to enforce them).

  1. Cyber attack

Cyber attacks are, of course, organisations’ top concern. There are many ways cyber criminals can target organisations. Each will cause different kinds of damage and need to be defended against in different ways. Some attacks, such as phishing campaigns, are typically designed to steal personal data. Others, such as ransomware and denial-of-service attacks, have several possible aims, ranging from extorting money to disrupting business operations for political reasons.

How to prepare for disruptions

You can address whatever concerns your organisation has by implementing a business continuity management system (BCMS).

A BCMS is a comprehensive approach to organisational resilience. It helps organisations update, control and deploy effective plans, which will enable them to recover promptly from any incident affecting business-critical processes and activities – from the failure of a single server to the complete loss of a major facility.

Even the most secure organisations are vulnerable to cyber attacks and unplanned disruptions, so it’s imperative that you protect against data loss and mitigate the damage when an incident inevitably occurs. An effective BCMS will minimise the damage caused by information security incidents and enable you to return to ‘business as usual’ quickly and with as little disruption as possible.

According to the BCI report: “[T]he longer organizations adopt business continuity for, the likelier they are to keep investing in it, which is probably due to the long term benefits this function brings.”

It adds: “For the third year running the use of ISO 22301 [the international standard that describes best practice for a BCMS] continues to increase with 70% of survey respondents now actively using the standard. Coupled with the growth in [business continuity management] investment, it’s clear to see the importance being placed on preparing an organization.”

IT Governance offers a wide range of products and services to help you implement a BCMS, including books, training courses, consultancy and toolkits.

If you don’t know where to begin, we recommend reading our free green paper: Business Continuity Management – The nine-step approach. It discusses:

  • How to implement a BCMS;
  • The issues you need to consider;
  • The roles that your employees will play; and
  • How to measure, monitor and review your BCMS.
