A UK government survey in 2019 found that 62% of micro and small businesses have taken action to identify cyber risks. If yours isn’t one of them, you might be at increased risk from cyber security issues that could cost money and/or damage your reputation.
And even if you have, it’s a complex area that is constantly changing. The UK government Cyber Security Breaches Survey 2020 found that half of businesses had carried out an internal or external audit of cyber security, however cyber attacks had also evolved and become more frequent.
What this means to you
The 2020 survey also found that 46% of businesses reported having cyber security attacks or breaches in the previous 12 months, of which almost 20% experienced a ‘material outcome’ (i.e. loss of money or data). Where material outcomes resulted, the average cost of all the breaches these businesses experienced in the 12 month period was estimated to exceed £3,200.
Investing in better understanding the cyber security risks that you face, and how well your defences mitigate them, might make good financial sense when reflected against the potential losses that can result from an attack.
Why we are good
Cyber security, and more generally information security, is centred on risk management.
It isn’t really about products or solutions, it’s about how these are used within a plan to reduce risk. Eggs, flour and sugar are all used in making a cake, but you wouldn’t look at these ingredients and call them a cake, much less just one of them. There are products and solutions that are part of a good approach to cyber security, but the important thing is the skill and knowledge, and the use of some additional ingredients in the right quantities and places, to develop an overall outcome.
At Think IT, we have real cyber security expertise, not just in products and solutions but in the information security discipline as a whole. We invest this in our cyber security review process.
What we can do
The cyber security review process includes the Cyber Essentials areas, but can also add in things like risk governance, risk and compliance; IT management; administrative controls (like policies, HR, training, business continuity, and disaster recovery), other technical controls (like encryption, and network design), and physical controls (i.e. the security of the premises).
It’s a flexible structure, so we can cover the bits that interest or concern you, and leave out the bits that don’t. And of course, we’ll report the outcomes with a clear and prioritised action plan.