Posted by Lucy Nash, Solicitor
Who needs to worry about cyber security?
In considering whether or not your organisation is ready for the year ahead, cyber security should be at the top of your list.
More than 53,000 cyber security incidents were reported across 65 countries in the year ending March 2018. With technology rapidly developing, cyber criminals are constantly finding new opportunities to take full advantage of any organisation’s lack of ability (or concern) in keeping up with the latest advances in technology.
Who should be responsible for an organisation being prepared for a cyber incident?
Many assume cyber security is a simple IT issue and management will often leave it to the IT department to put the technology in place to prevent hackers gaining access to the systems and believe that eliminates the risk. However, we see cyber security as much more than that and strongly advise senior management to consider making it a priority as part of an organisation’s strategic risk management policy.
Some of the benefits of a higher awareness of your organisation’s exposure to risk are obvious, but some less so. Many focus on the negatives that will inevitably come with a cyber incident, i.e. data protection breaches, financial penalties, irreparable damage to reputation, loss of confidence from customers (to name but a few). But what if you focused on the positives that could come with being confidently prepared for a cyber incident instead?
For example, as a member of the senior management, if you had complete visibility of your organisation’s risk exposure and were confident in the policies and procedures in place at every level, would you be able to make decisions more efficiently? Could your organisation benefit financially knowing it was less exposed to losses? Would you sleep better knowing your organisation had adopted a robust and risk-aware culture from the top down?
What questions should senior management be asking at the next board meeting?
• How confident are you that your organisation’s most sensitive information is properly protected from the risk of a cyber incident?
• Could an attack shut your organisation down entirely for a period of time? If so, what contingency plans do you have in place to deal with this?
• How likely is it that you, as senior management, will be targeted, or will your employees be the focus? If so, what training do you have in place for new employees and what policies and procedures are in place for your employees to deal with and report suspicious cyber activity?
• Have you seriously considered what would happen to your organisation in the event of an attack? Would your and / or your organisation’s reputation be damaged? If so, what could you do to limit this damage?
• How are you keeping up-to-date with the latest cyber threats? Do you have a Chief Intelligence Officer or equivalent providing you with the vital updates you need? If not, consider appointing one. Do you share know-how with other organisations in order to learn from your peers?
Pro-active risk management of cyber security is key
The increasing global cyber war being conducted by terrorists, criminals and chancers alike is a risk to all of us both personally and professionally. That risk will never go away completely but there are many things you can do in order to keep your organisation ahead of the curve in being prepared and protected as much as possible.
Cyber incidents could impact your organisation’s value, reputation, culture, technology and finances. You must be confident that you have identified what needs to be protected, who is going to be responsible for protecting it and what technology, policies and procedures you have in place to do so. Don’t wait until it is too late.
Our privacy and cyber security specialists have experience in reviewing organisations’ current systems and advising in relation to policies, procedures and staff training. We also work with a network of third party professionals who can assist with the technological aspects of data protection and cyber security, and reputation management in the event of a breach.
If you have any enquiries, please contact Lucy Nash on:
01865 268 685 Email us
Minimise the impact with our dispute resolution solicitors