Wherever business leaders and owners turn today, they very quickly encounter cyber security and cyber crime as a key problem. Whether it is a story of the latest data breach of a big brand name, a crippling ransomware incident, or somebody you know who has fallen victim to invoice fraud — to name just a few examples — cyber security is without any doubt a huge issue for all business leaders.
The biggest mistake any business leader can now make is to try and deny the risks that come with using technology. For those who try and downplay the significance of cyber crime, one need only look to the British Government’s own assessment of the impact of cyber crime. In 2018, the Department for Culture, Media and Sport (DCMS) discovered in their annual Cyber Breaches Survey that 43% of all UK businesses had detected a cyber attack being carried out against them. Further to this, 74% of all UK businesses had received some type of phishing email.
The data is clear: regardless of industry or business size, all of UK business is under cyber attack daily. All industries, business types and sizes are subject to a daily barrage of phishing emails and numerous other types of cyber attack. Any business leader who does not take proactive measures to ensure the resilience of their company to a cyber incident is betting the security of their company against the clear data of cyber risk across UK business.
The next retort that a business leader may be tempted to offer is “we have a good IT team for that.” This is a myth sorely in need of slaying; cyber security is far more than an IT problem to be delegated away from the board. Cyber security is about your culture, your staff awareness, your board investment and attention span, and it must also be a part of your company’s strategic vision and plan. These issues extend far beyond the remit of even the best IT teams, and require leadership from the very top.
So what must business leaders do to address cyber security?
1. Become aware of the problem
First, be aware of the problem. Do not rely on rumour and hearsay from the tabloids and news; seek training from experts to ensure awareness is achieved across your whole workforce. Without awareness from experts, leaders and the workforce may well operate on the basis of erroneous assumptions.
2. Test your cybersecurity posture
Next, gather data, not opinions. Only by carrying out robust tests of their own cyber security posture can business leaders base strategic decisions on data and not opinion.
3. Develop a security culture
Finally, drive cultural change from the top. Business leaders must assign a role of responsibility for cyber security and ensure a cultural change programme throughout the entire workforce. Business leaders must focus on these three strategic fundamentals; doing so will make huge strides towards achieving resilience against cyber attack.