Cyber Security Risk Assessments – a vital tool for understanding your clients

Thursday, May 13th, 2021

Cyber Security Risk Assessments are a vital tool for understanding your clients’ security baseline requirements.

What is the background? 

As we have seen from various industry news reports, last year once again saw a huge growth in both the number and complexity of cyber-attacks, with 68% of medium-sized businesses and 75% of enterprises reporting a security breach*. In our market, we all understand that the impact of any breach is often extremely damaging to an organisation, not only in terms of financial costs and lost productivity, but to the company’s reputation and consumer confidence. Added to this, regulatory bodies are regularly introducing stricter legislation and greater penalties for non-compliance, so it is no surprise that organisations reach out to their expert cyber partners for assistance. 

As the cyber and compliance landscape evolves, nation state adversaries and other threat actors are developing increasingly sophisticated methods of attack, and the resultant risks to businesses continue to grow, so how can we as members of the Cyber Security channel work together to help organisations mitigate these threats? 

A great place to start is at the beginning! Find out what each individual customer’s current security posture and risk and compliance commitments are, and then work from there. This is where the benefit of a risk assessment comes into its own. As a trusted partner you will have the ability to benchmark your client’s security and risk, and provide the advice, tools and services to build up their capabilities, effectively using the assessment as a pre-sale tool to map out longer-term and ongoing support.

The Assessment Itself 

Cyber consulting and service providers offer different approaches to risk assessment. A bottom-up approach begins by identifying risks at a process level; it is therefore very thorough but extremely costly in terms of time and resources. A top-down approach, on the other hand, starts from a strategic standpoint and is mandated or otherwise directed from board level down through the organisation.

In my view, the most successful method, although complex, will draw on aspects of both approaches. Organisations need to have experts embedded into any such project to help develop a security roadmap that aligns people, processes, and technology with strategic business goals to optimise the company’s overall cybersecurity posture. Essentially, a roadmap will give you a clear picture of where your organisation currently is with regard to cyber security; the challenges and risks it is facing; where the business needs to get to in terms of cyber maturity; what you have to invest in or implement to get there; and finally, how you prioritise the actions that are required. 

Implementing a comprehensive and cohesive cyber security roadmap requires experienced cyber professionals, but with the industry currently experiencing a significant shortage of suitably qualified people, many organisations do not necessarily have that kind of internal resource available to them. This is highlighted in a 2020 study from ESG & ISSA which found that 70% of cybersecurity professionals reported that their organisation had been adversely affected by the skills shortage.

So, what is the solution if you don’t possess the necessary in-house skills to deliver this service to your clients or have a short-term resourcing issue?  

In this situation many companies will look to partner with a specialised third party to provide them with the missing expertise, either as a dedicated, virtual, or fractional resource. Supplementing existing capabilities by outsourcing to partner organisations is not only an effective way to deal with the current skills gap, but also has significant cost benefits. An independent consultant will also ensure objectivity, providing a completely unbiased view of an organisation’s security.

As a specialist cyber security consultancy CBG provides a range of bespoke services to Partners to assist them in supporting their clients with additional specialist resource. Our range of Cyber Services has been carefully developed by our team of experts to align with strategic business goals and enable our Partners’ success, providing skills when needed to fulfil demand or increase service portfolio diversification and reach. For more information and to find out how we can help your organisation please contact

Dom Wordsworth, CBG Solutions Director 

*UK Government 2020 Cyber Security Breaches Report 
