Management disconnect

I’ve talked, for some years, about the disconnect between managements stating that cyber security is on their agenda, or under control, and the rapidly rising number of data breaches, as reported in multiple surveys and reports, as well as increasingly now on the world’s news front pages.

A recent report from Accenture, Cyber Security: Facing the Cybersecurity Conundrum, provides hard, current data that supports this view.

Their key finding is this: ‘One in three focused breach attempts get through, yet most organizations are “confident” in their ability to protect the enterprise.’ Most organizations face around 100 targeted attacks per year – that’s in addition to the thousands of random, background attacks occurring every day – which means they’re suffering one or more successful attacks per month. As successful attacks are usually only uncovered months later, and often by third parties, managements really do need to re-assess their positions – and priorities.

The reality is that having anti-malware software installed no more amounts to a cyber security strategy than doing weekly fire drills amounts to a business continuity plan.

GDPR adds the prospect of legal action by data subjects and very large administrative fines to the penalties of unwarranted confidence.

The starting point should be a cyber health check – a fast, top-to-bottom review of your cyber security and recovery posture – leading to a focused work programme aimed at improving cyber resilience.

It’s that, or become another feather in a hacker’s hoodie.