Ahead of its summit in Davos this week, the World Economic Forum published its Global Risks Report 2016, in which it warned that most of the world’s economies are underestimating the potential effect of cyber attacks on businesses – and their economies.
According to the report, only eight countries have rated cyber risks as their highest priority: Estonia, Germany, Japan, Malaysia, the Netherlands, Singapore, Switzerland and the US.
As the WEF explains: “Although organizations may recognize the benefit of cyber technologies for their bottom lines, they may not be fully internalizing cyber security risks and making the appropriate level of investment to enhance operational risk management and strengthen organizational resilience.”
Businesses exhibit poor understanding of cyber risk
The report goes on to consider the difficulties faced by businesses when identifying and mitigating the ever-widening array of cyber risks they face.
“Attempts to detect and address attacks”, it explains, “are made harder by their constantly evolving nature, as perpetrators quickly find new ways of executing them. Businesses trying to match this speed in their development of prevention and response methods are sometimes constrained by a poor understanding of the risk, a lack of technical talent, and inadequate security capabilities.”
The WEF concludes: “Businesses need to strengthen their resilience to ensure continued operation and survival in the face of risks.”
A best-practice approach to cyber risk management
The international standard ISO 27001 specifies the requirements for an information security management system (ISMS) and, with it, a best-practice approach to cyber risk management that any organisation can adopt. Encompassing people, processes and technology, ISO 27001’s enterprise-wide approach is driven by regular risk assessments: security controls are selected, and their inclusion or exclusion justified, against the risks those assessments actually identify, so that organisations mitigate the cyber risks they really face in the most cost-effective and efficient way.
Independently audited certification to the Standard demonstrates to investors, stakeholders, customers and staff that information security best practice is being followed. The same approach extends to the supply chain: ISO 27001 includes controls covering supplier relationships, and once your own ISMS has been certified to the Standard you are well placed to require that third-party contractors and suppliers achieve certification too.
According to the latest ISO Survey, the number of ISO 27001 certificates in the UK grew by 17.6% last year. As more and more organisations implement information security best practice based on the Standard, an ISO 27001 qualification is something that IT executives, compliance managers and management systems professionals can no longer afford to be without. Book a place on one of IT Governance’s ISO 27001 training courses now to start 2016 with the best chance of increasing your earning potential.