IT Governance’s Boardroom Cyber Watch Survey 2014 found that 55% of respondents had been asked about their cyber security credentials in the last year.
I’ll eat my hat (it’s a trilby, if you were wondering) if this doesn’t go up when our 2015 report is published in a few weeks’ time.
The fact is, sooner or later you are going to be asked about your cyber security credentials, whether it’s by your business partners, customers or suppliers. And it won’t just be multimillion-pound contracts being signed by FTSE 100 companies. The reliance on technology and pervasive threat of cyber attacks to anyone with a web presence means that businesses of all sizes need robust cyber security, and a means of demonstrating this.
SMEs are at the greatest risk
For many organisations, especially SMEs with little to no in-house expertise, tackling cyber security can seem like a daunting task.
Maxim Weinstein, a security advisor at security firm Sophos, recently told the BBC that SMEs are “exposed to many of the same attacks as much larger enterprises, yet they don’t have the security expertise and resources available to those larger firms”. What’s more, research from Sophos indicated that a staggering 30,000 websites a day are being compromised, and most of these were – yep, you guessed it – SMEs.
What kind of reassurance can you give your customers and suppliers that you are looking after their information and ensuring you are protected against the latest cyber threats?
Improved cyber security offers much more than just protection
What exactly, I hear you cry! Well, not only will you benefit from the better protection of your own information, you’ll also gain a competitive advantage by demonstrating your cyber credentials.
For example, certification to ISO 27001 or evidence of compliance with the PCI DSS (for merchants and service providers) is often a tender or contractual requirement because it proves that an organisation has been independently audited against internationally recognised security standards.
Those that implement an information security management system (ISMS) will benefit hugely from improved processes and control of data within the organisation.
Furthermore, improving and having demonstrable cyber security can also reduce your cyber security insurance premiums. And finally, it will also dramatically reduce the chances of you experiencing a cyber attack. That’s kind of important, isn’t it?
What can I do now?
So, what kinds of credentials are available and, more importantly, which are recognised by businesses?
Data Protection Act compliance – essential for anyone who processes or stores personal information.
Show me how to get DPA credentials >>>
PCI DSS – a requirement for merchants and service providers who process card payments.
Show me how to get PCI DSS credentials >>>
Cyber Essentials – the UK Government scheme to help organisations implement a basic level of security that will defend businesses from 80% of the most common cyber attacks.
Show me how to get Cyber Essentials credentials >>>
ISO 27001 – the world’s leading cyber security standard, based on the principle of creating an information security management system to manage the confidentiality, integrity and availability of information within the organisation. Its focus is complete in that it covers people, processes and technology.
Show me how to get ISO 27001 credentials >>>
If you’re completely new to cyber security and the last two paragraphs of this blog (thanks for sticking with me) have left you bemused, then why not download a free copy of our green paper ‘Cyber Security – A Critical Business Issue’. It’s easy to read, and provides a complete overview of the latest cyber threats and what you can do about them. Also, there is no mention whatsoever of hat eating or trilbies.