Four Steps Towards a Risk Management Strategy

Cyber-crime is unquestionably one of the biggest threats facing the public and private sectors today. Yet in the face of constant warnings and advice we are still seeing a worryingly lax approach to managing the threat of Cyber-crime or, indeed, Cyber-failure.

Recent research by the insurer Zurich stated that half of SMEs will not invest more than £1,000 on Cyber security. Whilst there is no silver bullet, it is evident that if you suffer a Cyber-attack or failure, the more resilient you and your business are, the more likely you are to survive the event. Cyber-protection – or increasing your organisation’s Cyber-resilience – requires investment of financial and intellectual resources. This is Risk Management.

Data is at risk from thieves and hackers and, of course, it can be accidentally lost or damaged. What in your Cyber-world has a value to you or to others? With the introduction of the General Data Protection Regulation (GDPR) the data you hold comes with a huge responsibility; indeed, a liability. You need to consider what is likely to be targeted: where is the value in your system?

Let us compare data with a collection of jewellery. You might consider your plain wedding ring the most important, the loss of which might have a huge impact on your life, whilst the loss of the diamond tiara, though worth a fortune, may have little or no effect at all. On the other hand, the ‘professional’ thief will be after the tiara. So which is really most important?

Key to Risk Management is increasing awareness and education at every level of the organisation: particularly its management and directors as they invariably have access to most parts of the system, the greatest amount of information to lose – and the authority to break the rules. Cyber-Security is not just an I.T. department problem. If every employee is shown how to (and encouraged to) take care of “their bit” you will have a safer, more secure environment.

The Human factor is often the weakest link in the chain but with the right training an improvement in individual online behaviour can dramatically reduce the chances of a security breach.

Effective implementation of data protection regulations, such as the General Data Protection Regulation (GDPR) due in May 2018, will help develop your Cyber-risk Management strategy and protocols. Whilst complying with regulation can seem an onerous and costly task it can also be viewed as a good foundation toward improving your resilience to Cyber misfortune. Encrypting data, appointing a Data Protection Officer and implementing a data breach monitoring process are all required for GDPR. These are good starting points. Efficient implementation should reduce your investment costs on compulsory compliance whilst enhancing your security credentials.

There is no one-size-fits-all approach to Cyber-risk Management, but common sense, clear & concise planning, and continual training & testing, all backed by insurance, are key steps in being Cyber-resilient.

Four steps toward a Risk Management strategy:
1. Consider Compliance as a foundation to build on: not a negative imposition!
2. Understand Cyber risk and how your business might be compromised.
3. Be ready for a Cyber failure and have your response ready.
4. Educate and improve the routine.