Norm's reassuringly boring blog

What business leaders do (and don't) need to know about cyber security

Oct 12, 2020 11:46:18 AM / by Natasha Scott

We know what you’re thinking. Not another cyber security company telling us that cyber security is a Board-level issue we need to address immediately! And touting a smorgasbord of expensive security products and complicated technologies off the back of it.

It can be difficult for non-technical executives to know what they should really be concerned about when it comes to cyber security, and what they actually need to do to satisfy the increasing demands of customers, suppliers and investors.

Here’s our quick guide to cutting through the noise and simplifying something that really doesn’t need to be that complex:

Best practice cyber security is a condition of doing business

We could tell you all about the latest threats and most common types of attacks our analysts are seeing on a day-to-day basis. There are plenty to choose from. But do executives really need to know the ins and outs of the latest viruses, Trojans, ransomware attacks and phishing scams? We don’t think so.

What you do need to be aware of is that your customers and investors expect you to have a decent cyber defence in place to mitigate the risks posed by these threats. Increasingly, hackers and cyber criminals aren’t just interested in your business as a target, they want to compromise your customers, affiliates and supply chain as well. You may just be the launchpad. As a result, many businesses are finding that they are now contractually obliged to have cyber security controls in place, and to prove that is the case. Otherwise, their customers won’t do business with them. This is particularly true of banks, other financial institutions and central government. Expect this trend to continue and permeate into other industries over the next 12 – 24 months.

Cyber security doesn’t have to be expensive

Whaaat?! Are you sure?

Traditionally, a robust cyber defence has meant investing in a raft of different technologies – email threat prevention, anti-virus, firewalls, data loss prevention, vulnerability management, endpoint detection and response… need we go on? All of these technologies have their place, but on their own they’re expensive to buy and complicated to manage. Which means you need specialist staff to knit them all together, manage them on a day-to-day basis and keep up with the next big thing. Unsurprisingly, this is really expensive. And that’s without the compliance and training requirements. Ouch!

It doesn’t have to be this way. Cyber Security as a Service allows businesses to subscribe to a monthly service which covers all aspects of a comprehensive cyber security defence – people, process and technology. This service essentially bundles together the latest and greatest technologies, training packages and compliance standards for a set monthly fee, with no long-term commitment. And the best bit? You receive a monthly management report which tells you exactly how the service is performing, your overall cyber risk position and what you can do to improve it. Which leads me on to the next point…

Get to know your cyber stress score

Every organisation has a cyber stress score, which is calculated based on the controls you have in place, how cyber aware your users are and compliance with relevant information security and data protection standards, amongst other factors.

The cyber stress score is useful because it gives you a quick snapshot of how well protected you are, without unnecessary reams of detail behind it. An enterprise-level CSaaS report will show you – in simple terms – how each pillar is performing (people, process and technology). What it shouldn’t do is overwhelm you with jargon and technobabble that you just don’t need.

Your cyber stress score allows you to assess the level of cyber risk you’re comfortable with, and gives you recommendations should you want to shore up your cyber defences. It will also give you guidance on which actions will have the most impact.

Cyber security is only as complicated as you want it to be

As essential as good cyber security is, at the end of the day most business leaders don’t want to have to focus on it too much. You’ve got bigger fish to fry – like attracting and retaining talent, managing the P&L and keeping customers happy. Best practice cyber security is an enabler of all of these things, but all you really need to know is that you have a comprehensive service in place that is producing results – protecting sensitive data, keeping systems up and running and allowing you to transact.

Whatever your existing cyber security posture looks like, whether you have a few standalone products or a whole raft of solutions deployed, achieving the level of cyber security standards your customers, partners and investors expect is only as difficult as you make it.

The best CSaaS solutions can be deployed in a matter of days, are around a third of the cost of procuring standalone products, and include a cyber incident response service as part of the deal should your defences ever be breached.

Most importantly, it will produce monthly reports that very clearly show how the service is performing and your overall exposure to cyber risk – which at the end of the day, is all business leaders really need to know.

Tags: Cyber security, Cyber attacks, CSaaS, CSIRT

Written by Natasha Scott

Natasha Scott is Head of Marketing at NormCyber and is responsible for driving awareness and engagement for the brand across all channels and audiences. She has worked in the technology industry for over 20 years in a variety of communications and marketing roles, and has a particular passion for all things digital and content-related.