A cyber security issue or a business issue?
Cyber security risks continue to expand and evolve at an increasing pace. Defending against potential attacks is becoming increasingly important in order to be able to operate effectively. Business is connected globally on a 24*7 basis. Cyber threats originate on a global basis, 24*7.
The effectiveness of our ability to defend against these threats is not keeping pace. Historically, business has met the challenge of cyber security on the basis of it being a technology issue.
Typical ways of countering the threat include:
- Buying increasing amounts of security software
- Changing security software to newer and better solutions
- Carrying out more penetration testing
- Moving to an outsourced security provider
- Moving to the cloud given it must be more secure
All of those approaches have some merit; however, they are focussed on cyber security rather than the business. If individual businesses continue to view the cyber threat in this way, it is unlikely they will be able to counter the specific threats that they face.
Cyber security or cyber risk?
Foulkon view cyber risk as:
- The risk to your reputation and / or a financial loss arising from a failure of technology
Looked at in this way, the common ways of countering the cyber security threat do not address all of your cyber risk. A cyber risk management strategy that effectively quantifies, qualifies and mitigates your technology risks, and that is properly aligned to your business strategy, will sustainably protect your business in a cost-effective, pragmatic and practical way.
What should a cyber risk management strategy include?
Cyber risk is a multi-faceted issue. It needs to address people, process and technology. It should be built to support your business objectives. It may include issues such as business transformation and cloud migration. It needs to encompass cyber security, data privacy and cyber resilience.
An effective cyber risk management strategy needs to include:
- Governance and Strategy
- Risk Management
The Foulkon Cyber Risk Assessment
Foulkon understand cyber risk. We work with our clients to implement a cyber risk management strategy that is tailored to their business. The Foulkon cyber risk assessment is based on the following:
- Assess our clients’ business objectives (both short and long term)
- Understand the interplay between people, process and technology
- Highlight specific risks
- Identify gaps
- Provide a roadmap for change
That roadmap may include:
- Changes to processes
- Training and awareness
- Rationalised approach to security software
- An outsourced provider of security
- A move to the cloud.
The key point is that the outcomes are aligned to your objectives, based on your specific risks, rather than being a generic response to the cyber security threat.