Why you – yes, you – need to take responsibility for your firm’s security
Cyber security is now a top issue for many firms. In fact, it’s frequently listed alongside disruptions such as business interruptions, climate change and economic upheavals as among the biggest threats enterprises face.
However, despite this, there may still be a tendency in some organisations to treat cyber security as solely being the responsibility of the IT department, which may see many firms take a ‘hands-off’ approach that does not give the issue the importance it deserves.
In fact, the National Cyber Security Centre stresses that protecting businesses’ systems from breaches must now be a board-level issue, with senior personnel taking the lead in planning for and responding to any security incident.
The business consequences of a cyber security breach
The business consequences of a cyber security incident or data breach are higher than ever, be this in terms of lost business, financial penalties or a hit to your firm’s reputation. And this means it will ultimately be up to the board to deal with the fallout of an attack.
One major risk is the potential for direct business disruption if an attack knocks key services offline. For instance, it was recently revealed that foreign exchange firm Travelex is expecting to lose around £25 million as a result of the ransomware attack it suffered at the start of the year, which saw staff resorting to pen and paper as critical systems were taken down.
Another factor to consider is the strict rules of GDPR, and the penalties that can be imposed under the legislation. For starters, the rules now have tough reporting requirements for breaches, so businesses will no longer be able to sweep cyber incidents under the rug. As a result, security failings are likely to have a direct impact on a firm’s reputation as they will have to publicly reveal any issues.
What this all means is that, with the bottom line almost certain to be impacted by any incident, senior staff will be forced to take ultimate responsibility for any incidents, with shareholders and customers alike demanding answers as to why key personal and business data was not protected.
This is not just an issue for large enterprises. Smaller firms are just as likely to come under attack, often because these companies are perceived as having weaker defences or be useful gateways into larger partners. For these firms, a cyber breach can be even more devastating, and potentially put the entire future of the business at risk, so it’s essential everyone is paying attention to security defences.
As well as safeguarding your business from negative consequences, there are other advantages to ensuring senior staff play a leading role in security planning. For instance, if the most senior personnel throughout the business – and not just from the IT department – are prioritising cyber security, this sends a clear message to other employees that it is to be taken seriously. This filters down and ensures people at every level of the company are engaged with the issue.
With over 25 years in the business telecoms industry and an unrivalled reputation of delivering excellent, personal customer service, Arrow is one of very few companies in the UK able to provide a full telecoms, IT and energy consultancy and service proposition.
Savings through automation, scale, improved service. We’ve got that covered. But the true value comes with empathy, through empowerment, collaboration. It’s connecting people that drives us forward. It’s people that make tomorrow happen.
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
The technical storage or access that is used exclusively for statistical purposes.The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.