Cyber security priorities have shifted considerably due to the impact of the pandemic, and we have seen record levels of increasingly sophisticated cyber-attacks, demonstrating that criminal networks and nation-state threat actors are innovating to take advantage of confusion and misinformation around the pandemic.
As the cyber landscape has evolved over the past 12 months, our Consultancy team has identified five key cyber initiatives that we will be focusing on over the coming weeks, starting with security governance.
The spotlight on cyber has driven an evolution in governance, risk management and compliance (GRC), and we have seen a definite change in attitude and approach from senior leadership as to how they implement, manage, monitor and communicate security strategies that both align with business objectives and comply with regulations.
There has been a significant growth in demand for independent third parties to validate an organisation’s cyber security posture and for external support to help understand the specific cyber risks to their business and establish priorities for cyber maturity.
Security governance programmes are now also being given more consideration by SME and mid-market companies, and bringing in expertise to deliver specific GRC components of a risk management strategy is now possible for organisations of all sizes.
But what exactly is security governance? The National Cyber Security Centre (NCSC) defines it as, ‘the means by which you control and direct your organisation’s approach to security.’ All organisations will have a slightly different approach to security governance but adopting a framework such as the NCSC 10 Steps to Cyber Security, Cyber Essentials or IASME Governance helps to deliver a structured, consistent and measurable programme of cyber security maturity. The most appropriate framework for an organisation will depend on several variables including the organisation’s size, type of business, available resources and any relevant legislation or sector specific regulations.
A framework ensures that cyber security strategies are aligned with and support business objectives; policies and control mechanisms comply with relevant laws and regulations; roles and responsibilities are defined; and there is accountability for decision making.
Once an appropriate framework has been selected, an organisation can review its current position against the framework and develop a strategic, prioritised plan to deliver improvements. Any plan for cyber maturity should be a continuous programme that can be tracked, measured and reviewed. The cyber landscape is constantly changing as new threats emerge, so a cyber security assessment cannot be a one-off exercise; it must also evolve over time.
To ensure success it is vital that organisations embed a risk management regime that is applied with the same level of authority that would be applied to other areas of business, such as financial risk management or health and safety.
CBG provides a number of bespoke services to Partners to assist them in supporting clients with governance, risk management and compliance. Our comprehensive range of cyber services has been developed to help drive our partners’ success. For further information on how we can support your business please contact email@example.com
By Dom Wordsworth, Solutions Director