Following George Osborne’s announcement of a significant escalation in the UK’s cyber security investment, it seems timely to analyse why private sector companies are still so vulnerable to cyber threats. According to the CEO of Skarbek Associates, it’s because they continue to see cyber-security as a technology issue and not as a holistic program that demands a response from the entire organisation.
Paul Heugh, CEO of Skarbek Associates said :
“It is pleasing to see the government prioritising investment in cyber-security, but that enthusiasm for betterment in this space doesn’t appear to have been sustained in the private sector. The majority of companies need a sweeping review of their cyber strategies. What we are seeing far too often is an approach to cyber-security that only considers the technology, when in fact the biggest threats to the viability of any cyber strategy exist offline.
“Leaders need to realise that, for example, their HR department is just as important as their IT department when it comes to implementing a cyber security strategy. The principal risks to a firm’s digital assets come from inside the organisation, and so good screening and management of staff should be a priority. Research consistently shows cyber-security strategies failing to be implemented and it is because there is no holistic view of an organisation’s vulnerability.
“The fact is that most leaders are not currently aware of or prepared for the multiplicity of threats facing their organisations. They need to have cross-functional, multi-faceted strategies that are rehearsed frequently in simulation exercises, called ‘war games’, which prepare employees across the entire organisation and teach them how to spot vulnerabilities.”