Data Protection, Electronic and Privacy Law Blog

Keeping you up to date with plain language explanations of your obligations and liabilities under data protection law, electronic law and privacy law. With a touch of cybersecurity and trends like blockchain and quantum computing.

Do you know how much cyber risk you take on in your business? How equipped are you to mitigate and manage this? Cath Jenkin helps us assess our business vulnerability in this cyber security blog.

Your Business' Risk Appetite.

Just a bite, or a whole bowl?

12 September 2019
Posted in: ICT and Cybersecurity

Let's eat
Every business has some level of cyber risk, no matter what it sells, does, or services. Knowing just how much cyber risk your business takes in its everyday operations, and how equipped it is to mitigate and manage it, is fundamentally important. Defining just how much cyber risk your business can tolerate, and therefore how much it can 'eat', will help you create, implement, and maintain a robust cyber security plan.

Your business objectives
Just how much cyber risk your business can 'eat' is partially defined by what you're trying to do in your business. As we've discussed before, there are four primary types of business objectives that define and determine your business' cyber risk appetite. Your need to be compliant with regulatory and legislative requirements will affect your cyber risk level. What you do operationally will define your cyber risk level. How much income you intend to generate, and the expenditure you'll need to undertake to do so, will define much of your cyber risk level. And, notably, how you plan to grow, change, or shift your business will affect your business' cyber risk appetite.

Your business operations
Your business' cyber risk appetite can easily be revealed through its day-to-day operations. As every member of your team, and your service providers, do what needs to get done, to enable your business to operate, there is a level of cyber risk to which they expose your business. It could be as simple as your secretary choosing a new password for their laptop, or as complex as your head of IT defining a new security protocol for your network.

Your business' vulnerability level
Knowing just how vulnerable your business is to a cyber security incident will help you plan for the near-inevitable moment your business has to respond to one. Assessing your business' vulnerability levels will entail:

  • Exploring particular scenarios where company assets, data, or information is exposed to the outside world, in any way, shape, or form.
  • Assessing how those scenarios affect your business' operations and what could happen if a cyber security incident were to occur as a result of these interactions.
  • The physical security of your business.
  • The digital and network security attached to your business. Vulnerability testing processes can be conducted through your internal IT service providers, and external service providers, to give you a full run-down of just how vulnerable your business is to a cyber attack, or malicious interference.
  • Just how much risk your business is willing to take, to do what needs to get done, so that you can reach your business objectives.
  • Assessing your company insurance policies. Your insurance policies should now provide cover for cyber security incidents, protecting your company from financial loss. If your policies do not cover your company for cyber security incidents, now's the time to call your insurance provider.
  • Your company's plans and procedures for recovery after a cyber security incident. These will be closely tied to your cyber security incident response plan.
  • Summoning the services of a professional provider, who can conduct a full audit and assessment of your company's cyber vulnerability. An external audit can provide objective insight into your company as it stands right now, and what steps you'll need to take to reduce your vulnerability levels.

Yum, yum!
Every business operates with some level of cyber risk, but not every business is prepared to eat the risk it has to take. More often than not, the only time a business' cyber risk appetite is truly when the buffet is already open. Knowing what your business can tolerate, mitigate, and manage will not only empower your team, but enhance your operations too. Once you know how much cyber risk your business can eat, you'll be equipped to plan and cater for it, as part of your business' cyber security plan.

Get in touch with ProPrivacy, and we'll help you assess just how much cyber risk your business can eat at every meal.


