Latest News

VIEW: On comprehensive cyber resilience

By James McAlister, chairman, the Business Continuity Institute

The BCI launched its annual Cyber Resilience Report earlier this month, once again highlighting the global increase in cyber vulnerabilities. The top three risks were found to be phishing, malware and social engineering, with new entrant ransomware only just making the top five. But will new legislation like the GDPR, state of the art anti-hacking software or staff security awareness training stop all future attacks? Not on their own.

Cyber attacks are inevitable due to the increasing complexity of our IT systems, diverse data supply chain networks, lack of internal expertise to deal with attacks, and the abundance of cyber criminals earning fortunes by exploiting the smallest vulnerability. That is not to say that we should adopt a fatalist approach to an attack and do nothing, but we must prepare for a reasonable worst-case scenario if we do suffer an attack. With that planning assumption in mind, we can then consider what I believe is the true weakness in our cyber defences: the C-Suite.

Those of you who have read the BCI’s Cyber Resilience Report would now challenge me, as the survey finds that there is a 60% commitment by top management to drive cyber resilience efforts. That may be true and as we all know SMT buy-in is essential to embedding all organisational resilience disciplines but what most high-level management teams fail to recognise is that in a cyber crisis, they will have to deal with a wide variety of hands-on strategic level dilemmas far removed from IT technical solutions or cyber insurance that most of them currently believe will cure the problem.

No software patch or pay-out is going to preserve reputation, brand equity, market share or customers. What we really need to do is invest time and effort preparing for what may happen through crisis communication training and then ensure they regularly take part in cyber attack rehearsals and exercises that challenge them with realistic scenarios.

Obviously, hiring external expertise doesn’t come cheap, but with the cost of a data breach to a FTSE 100 firm estimated at £120m, training is well worth investing in.

Download the report at www.thebci.org/index.php/bci-cyber-resilience-report-2017

    Share Story:

YOU MIGHT ALSO LIKE

Hospitality sector urges clearer government guidance and more support over pandemic next steps

2022 Predictions: A year of opportunity

2022 Predictions: FCA and Treasury will seek AR oversight improvements


BANNER

The Future of Risk & Resilience with AI & Data
CLDigital's Co-Founder, Tejas Katwala, joins CIR Magazine to discuss how CLDigital is transforming enterprise risk and resilience. By integrating business processes, AI and data-centric strategies, organisations can move beyond compliance to proactive risk management – simplifying operations, strengthening resilience, and driving business performance. Listen now to explore the future of intelligent risk management.

Investec is disrupting premium finance – Podcast
Investec made waves in entering the premium finance market, where listening and evolving in response to brokers made a real difference.

Advertisement
© 2019 Perspective Publishing     Privacy & Cookies