A survey by Penn Schoen Berland (PSB), conducted on behalf of AIG, has revealed that 85% of the 258 decision makers surveyed are more concerned about cyber risks than about other major business risks, including lost income, property damage and investment risk. Findings from the survey, published on www.net-security.org, show that the majority of respondents consider reputational risk from a cyberattack to be far greater to a company than the financial risk. At the same time, legal compliance issues are making companies think more about cyber risks.
Alan Calder, CEO of IT Governance and a cybersecurity authority, comments, “The results of this survey are encouraging as they demonstrate that senior management is already taking cyber risks seriously. The next thing expected from executives is that they do something about fighting such risks. Cybersecurity is, and has to be, the norm. In the future, no organisation will be able to survive and maintain its competitiveness in the market unless it has a proper information security management system in place, aligned with its technology, resources and business objectives.”
Calder is a great supporter of the international cybersecurity standard, ISO27001, and believes that there should be more regulation in the industry. His book, IT Governance - An International Guide to Data Security and ISO27001/ISO27002, has been written for both senior executives and implementers, and carefully explains the business benefits of following the practical steps of implementing an information security management system.
A lot of effort is already going into improving national cybersecurity, with both the US and UK governments making considerable investment. As reported by Computer Weekly, President Barack Obama is expected to issue a cybersecurity executive order in the days after his February 2012 State of the Union address which will create a voluntary programme. The programme will call for companies in critical infrastructure industries to agree to adopt a minimum set of security standards created by the government.
Calder says, “The global adoption of the international information security standard should benefit everyone — individuals and organisations. Companies that are already certified to ISO27001 are well ahead of their competitors and better protected from cyberattacks.”
Everything senior decision makers need to know about cybersecurity and ISO27001 is available from the IT Governance website at www.itgovernance.co.uk/infosec.aspx