Many people are Cyber aware but not Cyber educated; that is why I completed a 100 course with Harvard remotely on the topic!
Here are some initial high-level confronting insights:
90% of executives are not prepared to deal with a Cyber-attack and cannot interpret Cyber reports.
40% of executives feel they are not responsible for the repercussions of a Cyber-attack.
Cyber-attacks are asymmetric: hackers face low risk, while defenders face high risk because of an impossibly large surface area to protect.
The pandemic forced many organisations to implement tactical arrangements to maintain operational continuity; some of these arrangements are now permanent and have inadvertently produced new risks.
These risks are across three principal areas.
Business and operational risk - direct or indirect loss from the failure of key business systems, processes, procedures or people.
Reputational risk - loss or damage from harm caused to organisational image or reputation.
Legal and compliance risk - an action against an organisation due to breaking the law or regulatory requirements.
Cyber risk requires broader business management, with the technology team being a contributor. An organisation that exhibits these characteristics is adaptive, with lessons learned and risk management as part of its culture.
How can an organisation evolve from its current state?
These are the six primary areas to be considered.
Cyber threats and risks to business.
Identification of critical systems, networks, and data to operations.
Roles of governance and leadership within a risk management plan.
Taking stock of Cyber security technology.
Consideration of the legal implications of breaches.
Incident response and risk mitigation to foster Cyber resilience.
A traditional approach to Cyber security is designing a defensive perimeter to protect valuable assets. It helps with conventional attacks but is less adaptive to changes in the Cyber landscape. There are five elements of a successful contemporary approach to Cyber risk management.
I am now assisting organisations in moving through these elements by initially providing structure with facilitation. I have had several Cyber engagements completed.
Feel free to make contact if you wish to discuss your Cyber situation.
I present regularly to boards and executives on the topic of Cybersecurity; learn about this here.