
What business leaders need to know about cyber security

We know what you’re thinking. Not another cyber security company telling us that cyber security is a Board-level issue we need to address immediately! And touting a smorgasbord of expensive security products and complicated technologies off the back of it.

It can be difficult for non-technical executives to know what they should really be concerned about when it comes to cyber security, and what they actually need to do to satisfy the increasing demands of customers, suppliers and investors.

Here’s our quick guide to cutting through the noise and simplifying something that really doesn’t need to be that complex:

Best practice cyber security is a condition of doing business

We could tell you all about the latest threats and most common types of attacks our analysts are seeing on a day-to-day basis. There are plenty to choose from. But do executives really need to know the ins and outs of the latest viruses, Trojans, ransomware attacks and phishing scams? We don’t think so.

What you do need to be aware of is that your customers and investors expect you to have a decent cyber defence in place to mitigate the risks posed by these threats. Increasingly, hackers and cyber criminals aren’t just interested in your business as a target; they want to compromise your customers, affiliates and supply chain as well. You may just be the launchpad. As a result, many businesses are finding that they are now contractually obliged to have cyber security controls in place, and to prove that is the case. Otherwise, their customers won’t do business with them. This is particularly true of banks, other financial institutions and central government. Expect this trend to continue and permeate into other industries over the next 12 – 24 months.

Cyber security doesn’t have to be expensive

Whaaat?! Are you sure?

Traditionally, a robust cyber defence has meant investing in a raft of different technologies – email threat prevention, anti-virus, firewalls, data loss prevention, vulnerability management, endpoint detection and response… need we go on? All of these technologies have their place, but on their own they’re expensive to buy and complicated to manage. Which means you need specialist staff to knit them all together, manage them on a day-to-day basis and keep up with the next big thing. Unsurprisingly, this is really expensive. And that’s without the compliance and training requirements. Ouch!

It doesn’t have to be this way. Cyber Security as a Service allows businesses to subscribe to a monthly service which covers all aspects of a comprehensive cyber security defence – people, process and technology. This service essentially bundles together the latest and greatest technologies, training packages and compliance standards for a set monthly fee, with no long-term commitment. And the best bit? You receive a monthly management report which tells you exactly how the service is performing, your overall cyber risk position and what you can do to improve it. Which leads me on to the next point…

Get to know your cyber stress score

Every organisation has a cyber stress score, which is calculated based on the controls you have in place, how cyber aware your users are and compliance with relevant information security and data protection standards amongst other factors.

The cyber stress score is useful because it gives you a quick snapshot of how well protected you are, without unnecessary reams of detail behind it. An enterprise-level CSaaS report will show you – in simple terms – how each pillar is performing (people, process and technology). What it shouldn’t do is overwhelm you with jargon and technobabble that you just don’t need.

Your cyber stress score allows you to assess the level of cyber risk you’re comfortable with, and gives you recommendations should you want to shore up your cyber defences. It will also give you guidance on which actions will have the most impact.

Cyber security is only as complicated as you want it to be

As essential as good cyber security is, at the end of the day most business leaders don’t want to have to focus on it too much. You’ve got bigger fish to fry – like attracting and retaining talent, managing the P&L and keeping customers happy. Best practice cyber security is an enabler of all of these things, but all you really need to know is that you have a comprehensive service in place that is producing results – protecting sensitive data, keeping systems up and running and allowing you to transact.

Whatever your existing cyber security posture looks like, whether you have a few standalone products or a whole raft of solutions deployed, achieving the level of cyber security standards your customers, partners and investors expect is only as difficult as you make it.

The best CSaaS solutions can be deployed in a matter of days, are around a third of the cost of procuring standalone products, and include a cyber incident response service as part of the deal should your defences ever be breached.

Most importantly, they will produce monthly reports that very clearly show how the service is performing and your overall exposure to cyber risk – which, at the end of the day, is all business leaders really need to know.


Written by Natasha Scott
Natasha Scott is Head of Marketing at NormCyber and is responsible for driving awareness and engagement for the brand across all channels and audiences. She has worked in the technology industry for over 20 years in a variety of communications and marketing roles, and has a particular passion for all things digital and content-related.
