Cyber threats have never been as complex, sophisticated, and damaging, making it increasingly difficult for businesses to protect themselves.
This is all real - perhaps exaggerated - but not fake news, says Steve Jump, cyber risk strategist, coach and advisor, at Custodiet Advisory Services. And if you believe everything that you read, it’s only getting worse.
But what does this all mean for business reality, he asks?
The brutal truth is that until organisations learn to focus on what matters most to their business, the drama of everyone else’s cyber disasters will inevitably bias their own approach and make it really difficult to explain the real risk in the business’s value terms.
The cost of any cyber incident is measurably escalating, and the amount companies need to invest in incident prevention is also increasing. “The demand on your normal business to make money and grow your customers is under the same pressure. So, what level of cyber risk protection makes sense for your business?”
Cyber security is potentially one of the most technically complex risk domains to explain at a business level, adds Jump.
“There is no argument that cybersecurity protection is needed, but there seem to be so many things to do and check that justifying which need to be addressed can seem an impossible journey.”
For example, do businesses know which of their systems are most at risk from which cyber threats, or how much of their revenue and profit is at risk? Do they know how to map cyber threats against their business risk appetite, or how cyber risk is treated in comparison to other critical business risks?
Importantly, he asks how do companies who do not have a risk register assess cyber threats to their business?
Jump will be presenting on “Managing cyber security complexity – can you afford not to know the real cost?”, at the ITWeb Security Summit 2021, to be held as a virtual event from 1 to 3 June.
He has a technical background, being both an engineering graduate and a chartered engineer, but he uses it to translate complex technology into serious business. He consults in the area of information security governance and information security risk, and has over 20 years of practical and strategic information and cyber security experience. Jump provides applied cyber security risk governance coaching, mentoring and guidance at an exco, board and ISO level.
Delegates attending his talk will learn how effective cyber security risk management is a business enabler.
“Knowing how to prove that will make your business case so much more compelling,” he says.