What is Cyber Security? Definition and Best Practices

Cyber security definition

Cyber security is the application of technologies, processes and controls to protect systems, networks, programs, devices and data from cyber attacks.

It aims to reduce the risk of cyber attacks and protect against the unauthorised exploitation of systems, networks and technologies.

 Learn more about the cyber threats you face

To find out more about the fundamentals of cyber security and how to defend against attacks, read our pocket guide Cyber Security: Essential principles to secure your organisation.

Cyber security vs information security

Cyber security is often confused with information security.

• Cyber security focuses on protecting computer systems from unauthorised access or being otherwise damaged or made inaccessible.
• Information security is a broader category that looks to protect all information assets, whether in hard copy or digital form.

The legal requirement for cyber security

The GDPR (General Data Protection Regulation) and DPA (Data Protection Act) 2018 require organisations to implement appropriate security measures to protect personal data. Otherwise, there's a risk of substantial fines.

Cyber security is a critical business issue for every organisation.

Why is cyber security important?

Challenges of cyber security 

Mitigating the cyber security risks facing your organisation can be challenging. This is especially true if you have moved to remote working and have less control over employees’ behaviour and device security.

  Learn more about remote working and cyber security

An effective approach must encompass your entire IT infrastructure and be based on regular risk assessments.

  Learn more about cyber security risk assessments

What are the consequences of a cyber attack?

Cyber attacks cost organisations billions of pounds and can cause severe damage. Impacted organisations stand to lose sensitive data, and face fines and reputational damage.

  Learn more about cyber crime and how it affects you

  Learn about the cyber threats you face

Managing cyber security

Effective cyber security management must come from the top of the organisation.

A robust cyber security culture, reinforced by regular training, will ensure that every employee recognises that cyber security is their responsibility and defaults to security instinctively.

Good security and effective working practices must go hand in hand.

How to approach cyber security

A risk-based approach to cyber security will ensure your efforts are focused where they are most needed.

Using regular cyber security risk assessments to identify and evaluate your risks – and whether your security controls are appropriate – is the most effective and cost-efficient way of protecting your organisation.

  Learn more about cyber risk management

Cyber security checklist

Boost your cyber defences with these must-have security measures:

1. Staff awareness training

Human error is the leading cause of data breaches. It is therefore essential that you equip staff with the knowledge to deal with the threats they face.

Staff awareness training will show employees how security threats affect them and help them apply best-practice advice to real-world situations.

2. Application security

Web application vulnerabilities are a common point of intrusion for cyber criminals.

As applications play an increasingly critical role in business, it is vital to focus on web application security.

3. Network security

Network security is the process of protecting the usability and integrity of your network and data. This is achieved by conducting a network penetration test, which assesses your network for vulnerabilities and security issues.

4. Leadership commitment

Leadership commitment is key to cyber resilience. Without it, it is tough to establish or enforce effective processes. Top management must be prepared to invest in appropriate cyber security resources, such as awareness training.

5. Password management

Almost half of the UK population uses ‘password’, ‘123456’ or ‘qwerty’ as their password. You should implement a password management policy that provides guidance to ensure staff create strong passwords and keep them secure.