With 88 per cent of UK businesses having suffered some form of data breach in the 12 months leading up to May 2020, it’s clear that organisations are not doing enough to plan and prepare for the real, everyday attacks we are seeing. Over the same period, the average cost of a data breach for a UK business was just over £2,500.
Staggeringly, UK councils reported more than 700 data breaches to the Information Commissioner’s Office (ICO) during 2020, according to figures obtained by Redscan. That’s over 60 per cent of councils across the UK (265 of 398), with the report finding that “cyber security across local government is, by and large, disjointed and under-resourced, leaving councils in charge of highly valuable personal data while unprepared for cyber incidents.”
Much of this, according to industry experts, is down to organisations not doing enough to ensure information security continuity. Redscan CTO Mark Nicholls told Computer Weekly: “There is significant room for councils to improve their readiness to tackle current cyber risks … To minimise the impact of data breaches, it is important that councils are constantly prepared to prevent, detect and respond to attacks.”
The key word there is “constantly”. Many businesses assume that establishing basic security measures, and then not reviewing them for lengthy periods of time, will ensure cyber security. This is untrue. Information security continuity can help minimise the damage of external attacks and data breaches. But what is it?
Information Security Continuity
Information security continuity is a term used within ISO 27001 to describe the process for ensuring that the confidentiality, integrity and availability of data are maintained in the event of an incident. In its simplest form, information security continuity means having the ability to carry on protecting your information while an incident is occurring.
Checklists are not enough
The approach to cyber security must be thorough, otherwise you are leaving yourself open to attacks which could have devastating effects on your business. As the figures above make clear, the vast majority of businesses in the UK are subject to some form of cyber-attack or other. This suggests that the defences in use are inadequate, and that security, as a whole, is not taken as seriously as it ought to be.
A ‘checklist’ approach will not do. There are more stringent methods you can implement to ensure cyber security, such as seeking accreditation against the standards of the International Organisation for Standardisation (ISO), which together form a globally established security framework. This would not only put you at ease that sensitive data is well protected, but also show potential clients that you take cyber security very seriously.
According to its website, ISO was “founded with the idea of answering a fundamental question: what is the best way of doing this? … International Standards mean that consumers can have confidence that their products are safe, reliable and of good quality.”
There are many different standards to consider, but when it comes to cyber security the ISO 27001 standard is essential. ISO 27001 is a globally recognised international standard on how to manage information security, which is applicable to all businesses, irrespective of their size, type, or nature.
The standard has been designed to help organisations manage their security practices consistently, easily, and cost-effectively. Such is its popularity that the number of certifications grew by 450% in the decade leading up to 2019.
Benefits of ISO 27001 accreditation
- Instils greater trust in your organisation, from both within and without. You know, as do your customers, that all forms of information are protected, whether paper-based, digital, or stored in the Cloud – and that they can only be accessed by authorised parties.
- ISO 27001 provides the specification for an Information Security Management System (ISMS), which helps you protect and manage all of your organisation’s information through risk management.
- Being ISO 27001 accredited boosts your company’s resilience to cyber-attacks.
- Avoids the unnecessary costs incurred in recovering from cyber-attacks.
- Helps avoid negative publicity from a cyber security breach.
- Fosters an environment of care and responsibility to both customers and staff, showing a willingness and dedication to protect sensitive or confidential information.
- Proves to stakeholders that you are committed to keeping their data safe.
How we can help
We advise that your company takes a more nuanced and rigorous approach to ensuring cyber security. As fraudsters and hackers become more sophisticated, so too should the methods used to foil them.
Synergos Consultancy can help you through the accreditation process, ensuring that your company continually reviews and revises its defences to maintain information security. ‘Checklists’ are not enough. The damage from a breach could bankrupt you, or tarnish your brand so badly that it becomes virtually impossible to win back trust. We can help you obtain the necessary certification, and better yet: we guarantee we will get you through the accreditation process or we will refund 100% of all monies paid.