The financial damage to British companies from cyber security breaches has doubled in the past year, according to a government-commissioned survey.
The survey also found that the severity and impact of attacks have increased over the last 12 months. The average cost of the worst cyber security breach for big companies was between 600,000 pounds and 1.2 million pounds, up from 450,000-850,000 pounds in the 2013 survey. The cost of cleaning up after a breach is often greater than the cost of preventing the breach in the first place.
Often these attacks succeed not because companies have failed to spend money on the latest security equipment, as some vendors would have you believe, but because they fail to get the basics right.
All businesses should have data ownership assigned and be able to answer these questions with confidence:
- What are my critical data assets?
- Where is this data within the business?
- Who has access to these data assets?
- What is the impact to the business if these data assets were subjected to unauthorised disclosure or modification?
- What is the impact to the business if we lost access to these data assets?
Information security should be led by top management and embedded within the culture of the organisation so it becomes a natural process.
Having worked in the IT industry for the last 20 years, our consultants see some common themes that lead to a failure of security within organisations and, ultimately, to security breaches. These include data ownership assigned to the IT department rather than the business, lack of management buy-in, and poor security awareness across the organisation.
We can provide a range of services to de-risk businesses and protect reputation. These include:
- Security assessments to identify weaknesses that could result in the business being susceptible to cyber attack
- IT Health Checks to identify potential vulnerabilities in IT systems
- Security awareness training for senior management and staff
- Identification and valuation of critical data assets
- Risk assessments
- Review and development of information security policies and procedures
- Compliance with ISO/IEC 27001, the international standard for information security
Contact us for more information or to discuss your specific requirements.