Every modern organization knows that cybersecurity is a hot topic. From high-profile breaches in the news to increased investment in security talent across industries, there is little doubt that companies need to wake up to the risks of cybercrime.
But this doesn’t always translate into action on a day-to-day basis, and it’s unclear just how many businesses are taking this threat seriously enough.
Who is ultimately responsible for addressing this risk? A company needs to have a plan in place that sets a risk appetite, which determines how much risk the company is willing to take while still being comfortable that it can achieve its business objectives.
Depending on the size and complexity of an organization, the responsible individual may be the CEO, CISO, CFO or even the business manager. But security takes resources, which have to come from somewhere. The driving force behind a proactive cybersecurity policy may be an aversion to the risk of reputational loss, business interruption, or a breach of customer information.
Understandably, then, the focus of most organizations is on external threats, but attention must also be paid to the internal risks that could similarly harm the business.
According to security professionals, a breach of sensitive or confidential data was the primary concern, one which has grown significantly with the growth in use of cloud services.
Evaluating cyber-risk should be an ongoing process: 60% of medium and large businesses in the UK have reported having a cybersecurity breach or attack, according to the gov.uk cybersecurity breaches survey 2019.
Companies appear to be taking more accountability for cybersecurity, as 58% of large firms in the UK report cybersecurity updates to their respective boards on a monthly basis.
It has become clear that as the cybercrime world evolves, so too must its potential victims.