Just a bite, or a whole bowl?
Every business carries some level of cyber risk, no matter what it sells, does, or services. Knowing just how much cyber risk your business takes on in its everyday operations, and how well equipped it is to mitigate and manage that risk, is fundamentally important. Defining just how much cyber risk your business can tolerate, and therefore how much it can ‘eat’, will help you create, implement, and maintain a robust cyber security plan.
Your business objectives
Just how much cyber risk your business can ‘eat’ is partially defined by what you’re trying to do in your business. As we’ve discussed before, there are four primary types of business objectives that define and determine your business’ cyber risk appetite. Your need to comply with regulatory and legislative requirements will affect your cyber risk level. What you do operationally will define your cyber risk level. How much income you intend to generate, and the expenditure you’ll need to undertake to do so, will define much of your cyber risk level. And, notably, how you plan to grow, change, or shift your business will affect your business’ cyber risk appetite.
Your business operations
Your business’ cyber risk appetite can easily be revealed through its day-to-day operations. As every member of your team, and every one of your service providers, does what needs to get done to keep your business operating, there is a level of cyber risk to which they expose your business. It could be as simple as your secretary choosing a new password for their laptop, or as complex as your head of IT defining a new security protocol for your network.
Your business’ vulnerability level
Knowing just how vulnerable your business is to a cyber security incident will help you plan for the near-inevitable moment your business has to respond to one. Assessing your business’ vulnerability levels will entail:
- Exploring particular scenarios where company assets, data, or information are exposed to the outside world, in any way, shape, or form.
- Assessing how those scenarios affect your business’ operations, and what could happen if a cyber security incident were to occur as a result of these interactions.
- The physical security of your business.
- The digital and network security attached to your business. Vulnerability testing can be conducted through your internal IT team and external service providers, to give you a full run-down of just how vulnerable your business is to a cyber attack or malicious interference.
- Just how much risk your business is willing to take to do what needs to get done, so that you can reach your business objectives.
- Assessing your company insurance policies. Your insurance policies should now provide cover for cyber security incidents, protecting your company from financial loss. If your policies do not cover your company for cyber security incidents, now’s the time to call your insurance provider.
- Your company’s plans and procedures for recovery after a cyber security incident. These will be closely tied to your cyber security incident response plan.
- Engaging the services of a professional provider who can conduct a full audit and assessment of your company’s cyber vulnerability. An external audit can provide objective insight into your company as it stands right now, and into the steps you’ll need to take to reduce your vulnerability levels.
Every business operates with some level of cyber risk, but not every business is prepared to eat the risk it has to take. More often than not, the only time a business’ cyber risk appetite is truly tested is when the buffet is already open. Knowing what your business can tolerate, mitigate, and manage will not only empower your team but enhance your operations too. Once you know how much cyber risk your business can eat, you’ll be equipped to plan and cater for it as part of your business’ cyber security plan.
Get in touch with ProPrivacy, and we’ll help you assess just how much cyber risk your business can eat at every meal.
Philipa is the lead consultant and auditor at ProPrivacy. With clients as far afield as Canada, South Africa, Kenya, Germany, Spain and other such exotic locations, besides Cork and elsewhere in Ireland, Philipa enjoys a broad view of the state of data protection, privacy and cyber security worldwide. Philipa’s passion is manageable data compliance for SMEs.
Philipa is a qualified teacher and holds qualifications in computer science (Bachelor of Science in Artificial Intelligence Programming) and in electronic and intellectual property law (LLB). She is trained in constitutional (fundamental) rights litigation and enjoys a good debate.
Philipa has over twenty years of experience working in organisations of different sizes and across sectors on operational, governance, risk management and compliance matters. She is an analytical and focused person who enjoys a challenge in the workplace. She loves technology, systems and people, and has a passion for showing people how technology can make life easier and better. She understands that the world is driven by data today, but that privacy is paramount. Responsibly developed AI excites Philipa for the future.