The UK Government urged British firms to undergo a Cyber Health Check after the release of a report that revealed cyber leaks of FTSE 350 firms are putting UK economic growth and national security at risk.
Do I need a Cyber Health Check?
- 80% of large and 87% of small organisations have been “turned over” by competitors, cyber criminals or others in the last year;
- The Financial Times found that four in five of the largest UK quoted companies are not prepared for a cyber-attack;
- The British economy and national security are being put at risk by complacency over Cyber Security, according to KPMG;
- The retail company Lakeland was subject to a sophisticated attack last week – compromising two encrypted databases containing customers’ passwords.
And that is one of several attacks that we know of that happened just in the last week. Lakeland has been praised for its honesty and its approach to communicating and managing the breach, which is not currently a legal requirement, demonstrating the benefits of being prepared for a cyber crisis.
Statistics like these, along with the myriad of others available, fuel the Government’s worry that businesses are not sufficiently vigilant about threats to their information security, which is why it is urging organisations to undergo the ‘Cyber Health Check’.
But what is a Cyber Health Check?
Aim: To achieve a holistic view of information security, including the vulnerabilities linked to the governance, culture and people within an organisation.
- Understand the information that is valuable to your organisation and the associated risks;
- Create a benchmark to see how your information security is improving over time and a way to compare with peers.
Result: Companies will show how aware they are of Cyber Security issues and what risk they have in place so they can prioritise mitigation activity.
Scope: Understanding the impact your suppliers have on your ability to safeguard your systems and information is usually disregarded when assessing cyber security and information assurance risks and vulnerabilities. So extend the Cyber Health Check to include your supply chain.
How to do a Cyber Health Check on your business:
- Risk and Issue identification: Engage relevant people across the organisation to determine what information is important and the risks & issues that affect it;
- Security Assessment: Engage relevant people across the organisation in workshops or with a questionnaire to assess how well the company handles Cyber Security and information-centric issues (e.g. protecting intellectual property and safeguarding customer data);
- Prioritising controls: Discuss the findings to identify areas that are particularly vulnerable and agree on an appropriate course of action to mitigate them.
Time for Action
The Cyber Health Check will highlight areas which can be easily safeguarded; however, the important factor is being aware of the vulnerabilities so you know what risk exists in your organisation.
Do you know what your organisation’s vulnerabilities are and how you are protecting them?