This week we have seen the UK government up the ante with proposed measures that seek to place cybersecurity responsibilities squarely on organisations. With a suggested fine of either £17m or 4 per cent of global turnover in the event of loss of service as a consequence of a breach, no organisation can afford to ignore the directives. The impact of such a fine could be devastating.
It is of course interesting that the government is placing the cybersecurity burden on organisations, even though much of the threat is emanating from outside of the UK. This is clearly a departure from its approach to traditional, physical security, where the State assumes a large part of the responsibility.
Nevertheless, the message is loud and clear – cybersecurity is a cost that organisations must bear and hence needs to be on the P&Ls. It’s imperative that organisations adopt a comprehensive approach to security, encompassing technology, processes and people. While there are a variety of technologies available, it’s the experience and expertise of people that will play a leading role in laying the strong security foundations and building up the defences of organisations – especially as new risks, like malware-less threats, are constantly emerging.
If you are revisiting your security strategy following these new government proposals, please get in touch with us. We are well equipped with knowledge, experience and expertise to guide you through the process and help establish the necessary measures to protect your organisation.
Have a look at the top cyber news items reflecting the mood of the market in our weekly newsletter.