But it’s never too late to improve your business’s cyber security and build the ability to prevent, detect and respond to cyber threats. Many preventative measures are relatively straightforward to implement and don’t require advanced IT skills, additional staff training or expensive software.
By carrying out a cyber security risk assessment and then implementing the right controls and processes for your business, you can help it to stay secure and thrive.
Start with the basics
While it’s important to take targeted measures to assess the specific risks your company faces, first you might want to start with the basics and take steps to protect your organisation from some of the most common cyber threats.
One way that you can do this is by signing up to a government-backed cyber security certification scheme called Cyber Essentials, which is available for organisations of all sizes.
By achieving this baseline level of security, you can demonstrate to customers and suppliers that your organisation takes cyber security seriously. The certification is also often a requirement if you want to bid for specific contracts.
Putting a plan in place
Organisations should take steps to determine security risks and take measures to appropriately manage those risks.
At its most basic, your risk management plan needs to encompass the following:
Accepting some risks
When it comes to managing cyber risks, businesses need to accept that they can’t avoid them entirely – there’s always a trade-off. Cyber security risk management involves focusing on those risks which you can practically do something about, such as those identified in the Cyber Essentials Scheme.
According to The National Cyber Security Centre (NCSC), which provides cyber security guidance to businesses, getting this right depends on using judgement. Consider, how much would you expect to gain by taking a given risk? How much it would hurt you if that risk was realised? How much can you afford to spend on protecting your business against that risk?
Getting the right balance is essential to ensure that you’re protected, but not to the detriment of other factors such as customer experience and digital innovation.
Cyber risks vary hugely and so should the approach different companies take. The NCSC warns that carrying out cyber risk management in a ‘tick-box’ fashion can lead to overconfidence in how well risks have been managed. This could ultimately be detrimental to cyber security.
You can learn a lot from studying how other organisations have solved similar cyber security problems to yours. For example, what better place to start than with The NCSC, which has detailed its own IT infrastructure so others can learn from it.
Islands Insurance in partnership with our cyber crime insurers can provide insurance solutions that can assist should your business suffer one of those cyber incidences that can’t be avoided resulting in disruption, financial loss and reputation damage to the business. With prevention being better than a cure, for those businesses that would benefit from additional risk management support, many of our cyber insurers can provide these services complementary to their insurance policies.
If you require a cyber-crime quotation, require advice as to the types of cyber exposures your business many be exposed to or any further information in regards to the covers and risk management solutions available, please contact Mike Norbury at Mike.Norbury@islands.je