Are you a risk taker?
You might want to think twice before you answer that
According to the FCA, 26% of organisations surveyed last year don’t have a board approved Information Security strategy. They also cite concerns about not having appropriate, real time records about Information Assets, relying on ad-hoc, manual processes, and rarely are older out of date systems replaced or removed as Information assets.
With Allianz citing Cyber as the #1 risk to UK business, there is increasing pressure to have an informed, approved and ongoing Information Security strategy.
So what does that look like for most organisations, in particular in the SME space?
Largely this is a ‘depends’ answer, as no two organisations are that alike and almost always have different approaches to risk. Risk, or management of risk to be more specific, is the cornerstone to any good information security approach, which is why one of the most popular Information Security standards, ISO 27001, is based on understanding and managing risk.
The challenge comes in that most organisations don’t understand their current level of risk in cyber, or, it hasn’t been portrayed in a non-technical way, leaving it very difficult to make decisions based on fact. All too often, we meet organisations that either don’t know they have a risk, or known risks haven’t been presented to the board in a way that allows an informed decision to be made.
Understand your level of risk
To help combat this, we have developed our Practical Cyber workshops to allow business leaders to better understand the level of risk they are exposed to, ask the right questions and subsequently make informed decisions about how known risks will be treated.
Prevention is better than cure. Our advice is to be proactive and not hold off determining your current level of risk in cyber. To enquire about our Practical Cyber workshops for business leaders, contact us on 0330 403 0011 or via our enquiry form.
Author: Todd Gifford, Certified Information Systems Security Professional (CISSP), Head of Consultancy at Optimising IT.