Takeaway one – Cyber security is just not on the radar of some businesses
Just hours into the show it became clear that for a significant number of small businesses, cyber security is something they’ve just not considered enough. This frightening level of immaturity when it comes to cyber risk awareness and understanding means a large percentage of the British economy is exposed to and at risk of falling victim to a cyber incident. A successful cyber attack has the potential to paralyse an organisation’s networks and systems, killing a business within hours. This means it’s critical for companies of all sizes to understand the risks they face and then take the necessary steps to ensure they are resilient both in terms of IT and the business itself.
Takeaway two – Other businesses know they need to do more
Despite my alarm at some businesses having never considered the cyber risks they face, I was heartened to speak with others that were aware of the threats out there and had taken steps to protect themselves against them. But speaking with representatives from these (mainly medium-sized) organisations, many also felt they needed to do more but weren’t sure how to go about it. Most thought that cyber resilience was an expensive undertaking and that they could spend vast sums of money and time and still not be protected. Of course, we explained that cyber resilience can be achieved efficiently, both in terms of cost and resources.
Takeaway three – Cyber security and the human element
A lot of the businesses we spoke to see cyber risk as a problem for the IT department to solve. But this approach leaves the business exposed. Cyber risk covers all aspects of an organisation, from the Board right down to its people. In fact, employees can be a business’s greatest weakness (but equally its greatest strength). Organisations must consider how to manage movers, leavers and new starters while also training staff on all aspects of cyber security. This includes how to handle phishing emails, creating effective passwords and keeping them safe – and even what to do in the event that a cyber attack is successful. This can make the difference between an attack getting through or not, or ensuring the business is not damaged beyond repair if it does.
For small to medium size businesses to be genuinely resilient, they must first get a clear picture of where they’re currently at when it comes to cyber security.
A CRMG Cyber Risk Checkup allows them to do just that, while also providing a realistic improvement roadmap based on the company’s risk profile and resources available. This helps to reduce cyber risk exposure while improving cost efficiency and boosting business confidence.
This can be combined with War Gaming and Disruption planning, which helps to ensure it’s business as usual in the event of a successful cyber attack. This allows businesses to test their ability to maintain operations, which is key to limiting the impact and minimising damage to the organisation. It also helps to engage and educate management and staff as well as implement effective business disruption arrangements based on the outcome of the exercise.
All of the companies we spoke to at The Business Show would benefit from a CRMG Cyber Checkup and conducting War Gaming and Disruption Planning. If you’re reading this, the chances are your organisation could too.
