Jeremy Gardner discusses cyber risk management at Board level
One of the many privileges of my job is to sit alongside some of the region’s most dynamic and entrepreneurial business owners at the Boardroom table in my capacity as their Finance Director.
Board members have to tackle many issues as they execute the business strategy, and my role is to help them stay one step ahead of competition and pitfalls.
“How comfortable are you that you know what cyber risks your business faces and how you deal with them?” A fairly straightforward question which I posed to two non-executive directors of a client recently. The response was not at all conclusive. It feels like too much is being left to chance.
The point I was trying to make was that cyber risks are evolving rapidly. They don’t respect time. And Boards have to stay on top of those risks and make certain that they are doing everything within their power to protect the assets of the business from attack.
Statistics on cyber risk
I quoted some statistics from a recent Ipsos MORI report (Cyber Security Breaches Survey 2018) which underlines some worrying trends.
43% of all businesses and 65% of large firms detected a cyber security breach or attack in the past 12 months. One quarter of these experienced a breach at least once per month.
Where breaches have a material outcome, the average cost for medium-sized businesses was £16,100 and for large businesses the average cost was £22,300.
74% of businesses say that cyber security is a top priority, however only three in every 10 businesses have a board member with responsibility for cyber security and one in five never update their senior managers on cyber security issues.
Only 20% of businesses have provided staff training on cyber security issues in the past year, despite the fact that the human element is often the one most exploited by attackers.
51% of businesses have undertaken five or more of the Government’s “10 Steps to Cyber Security”. This means that 49% have not.
These are statistics which should grab the attention of any Board.
Firstly, a full review of the risks. Following the review, plan to put in place the roadmap set out in the Cyber Essentials scheme. A simple but important step in adding protection against a modern threat.