Alan Calder, founder and executive chairman of IT Governance, warns attendees at Internal Audit 2018 that breaches are inevitable, pointing out that organisations neglect the basics of cyber security and fail to adequately prepare for the consequences of a breach.
“The average period between a breach occurring and it being discovered is 197 days,” Calder told delegates. “One of the things you have to prove under GDPR is that you weren’t negligent, and I struggle to see how you can claim not to be negligent if it takes you 197 days to find out you were breached.”
Alan recommends a risk-based approach focused on strengthening the pillars of effective information security: people, processes and technology, intertwined and working together.