Cyber crime is becoming an increasing threat to modern businesses, with most companies relying heavily on online systems to operate.
New reports of data breaches and instances of cyber crime appear each year, contributing to an annual loss of around five billion pounds for the UK economy. It is therefore more important than ever to address Cyber issues at board level in order to safeguard our businesses and employees.
How serious are the risks?
Many of the data breaches and IT system interruptions are caused by hackers who have the power to threaten a company’s entire reputation and accounts, with some UK SMEs spending up to 72,000 pounds on handling cyber attacks.
According to the 2018 Cyber Security Breaches Survey, 43% of UK businesses had reported cyber security breaches or attacks over the last 12 months. There is therefore no surprise that The Hiscox Cyber Readiness Report, which surveyed 4,100 businesses across the UK, Europe and US, reveals that 66 per cent of respondents rank cyber attacks and fraud as the top two risks to their business.
So do we just leave it to the IT department to sort out?
Company directors are often guilty of placing Cyber Security entirely in the hands of the IT department. IoD Hertfordshire Chair and Managing Director of Lumina Technologies, Richard McBarnet, says, “One of my gripes with how companies approach IT is that it is not taken seriously enough at board level”.
He believes the main reasons for this are because many directors find Cyber crime and other IT- related matters boring, or they simply do not understand it;
“I know from talking to executives that the average MD finds the subject of IT dull, which is one reason why they do not get round to addressing the issue or having it represented at the Board level. One of the reasons why companies like Lumina exist is because Boards do not understand IT and want to delegate the responsibility.”
However, our IT departments should not be given full responsibility for something which, if dealt with incorrectly, could completely corrupt a business. For that reason, Richard agrees that Cyber Security should be represented at Board level, where he says it “can be assessed in terms of the health and strategy of the company, including a deeper understanding of risks, which will enable them to put mitigation strategies in place.”
For more information about Cyber Security for your business, visit the IoD Cyber Hub.