Don’t ignore cyber threats

According to new research conducted by the Department for Business, Innovation & Skills (BIS) with MI5 and GCHQ, only 14 per cent of directors responsible for audit at the FTSE 350 firms regularly consider cyber threats, with a significant number receiving no intelligence at all about cyber criminals.


ICT “Company of the Year” Espion, which specialises in information risk management, believes this research should serve as a wake-up call to those charged with governance and compliance to apply the same rules to information risk that are in place for other forms of corporate risk.
Espion’s Head of Consultancy, Stephen O’Boyle (B.Sc, CISA, CISSP, CISM) says: “Whether attacks from data thieves, spies or saboteurs who steal from, gain unfair advantage over or damage companies, the cyber crime threat facing UK organisations is increasing.


It is worrying to see a mere 17 per cent of these organisations have clearly set out what they see as an acceptable level of cyber risk. How an organisation manages information risk can be a key factor in its ultimate success or failure and cyber security must feature higher on the corporate agenda.”


The impact of cyber crime on a company’s reputation, share price or even existence is well documented. Espion has produced ten questions board members should ask of management to support existing strategic level discussions on cyber crime.
1. Do we have a dedicated resource responsible for information security? Who is involved in the governance of information security?
2. Have we identified our key information assets, where they exist within our enterprise or partner ecosystem?
3. Do we know how vulnerable they are to attack?
4. Do we perform a risk assessment of cyber threats against key systems identified?
5. Do we have a set of controls to protect our critical information (financially sensitive data, IP and client information) against industrial espionage, extortion, customer data loss, fiscal fraud?
6. Do we have an assurance that the controls in place are effective?
7. Do we have a security strategy in place for social media, mobile devices, cloud computing and employee use of personal devices (BYOD)?
8. Do we ensure that secure off-site backups of key data exist?
9. Do we have formal information security policies and awareness programmes in place to ensure they are understood by the entire workforce?
10. How many security incidents have we had in our organisation in the past 12 months and do we receive regular reports / intelligence on such incidents including methods and motivation?
