Many UK businesses are still dangerously exposed to cyber threats because they haven’t got a robust security strategy.
According to the UK government’s latest Cyber Security Breaches Survey, 32 per cent of businesses have suffered a data breach or cyber-attack in the past 12 months. While that’s lower than in previous years, it still suggests that a significant number of organisations aren’t taking security seriously enough.
And although the number of incidents may be lower, their cost is on the rise. Businesses affected by a cyber incident in 2017 paid out £2,450 on average; years later, it’s £4,180.
Organisations can reduce cyber threats by having a cyber security strategy.
The task of devising and managing it could be the responsibility of a chief technology officer, a chief executive or your IT team. However, titles aren’t as important as having a dedicated resource that’s in control of how security is devised, managed and regularly updated.
The team or individual that’s responsible should have the knowledge required to identify areas at risk and ensure resources are made available to tackle them.
However, other teams also need to take responsibility. Your communications team, if you have one, is an example: it’s important to communicate effectively internally and externally about cyber threats, and to help minimise any damage if an attack happens.
Every section head and every director-level postholder should also be involved in ensuring policies and processes are adhered to. Employees too should be encouraged to provide feedback to spot any flaws and to ensure best practice is followed.
Having a good understanding of the potential pitfalls when buying new IT equipment is another essential part of your strategy, because it’s important to know exactly how products are configured and where they are made. Also check that vendors are securing their devices prior to shipping them.
Any security strategy also needs to take account of equipment becoming obsolete. Some may need updating or replacing sooner than originally assumed. So, it’s sensible to include a programme of phased replacement in your strategy.
You also need detailed documentation that complements the manufacturers’ configuration instructions to deal with the ever-evolving cyber threats, and which can be passed on to a successor, such as a new chief technology officer or IT manager.
Gary Jowett from Computer & Network Consultants in Brighton said: “A meticulous cyber security policy is essential to ensure security equipment and systems provide the level of protection your organisation requires. Integrators who have this information to hand when deploying systems are also able to provide peace-of-mind in the form of written documentation to show that all devices and systems they’ve deployed comply with your security policy.”