Frequently asked questions

Your questions

Q. How common is a security breach?

A.

Security breaches are very common. A report published late last year on behalf of the Department of Business Innovation and Skills said:

  • 81% of large organisations had a security breach
  • 60% of small businesses had a security breach 
  • 59% of respondents expect there will be more security incidents in 2015 than in 2014

Q. How much does it cost to deal with an IT or cyber security breach?

A.

The impact of a security breach can be counted in pounds and pence. But it's also measured in lost business, lost jobs, lost confidence and reputation damage. In strict cash terms, a report commissioned by the Department of Business Innovation and Skills discovered that security breaches cost up to £1.5m each to deal with and put right. For small businesses, the average cost is £65k to deal with the worst breach of the year.

Q. We hear about the very high-profile hacks (like TalkTalk, Sony, Target, Microsoft etc.) but how many go unreported?

A.

Cyber security is a very sensitive subject. Revealing a hack or a data leak can bring serious reputation damage, which means that discretion is essential for everyone involved, including our partners and our clients. A recent report for the Department of Business Innovation and Skills revealed that 70% of all cyber attacks go unreported. We only hear about some of the super hacks, and we rarely find out about the smaller ones. But ignorance is not bliss when it comes to cyber security. Just because you don't know about it (yet) doesn't mean it's not happening or doing damage. Facing the issue head on, and looking for the threats that have already got through, might be painful in the short term, but it will equip you to deal with the future in a better way.

Q. How many of the security breaches go unnoticed until it's too late? And what can be done to catch them quicker?

A.

According to the FBI Director, James Comey: “There are two kinds of big companies... There are those who’ve been hacked… and those who don’t know they’ve been hacked.” Cyber criminals are bombarding businesses on both sides of the Atlantic with up to 117,000 attacks a day. Still, companies continue to pin their cyber security and their valuable reputation on prevention, rather than detection. Our approach is different; it's more risk savvy and realistic. Like the FBI chief, we accept that a systems breach has probably already happened, and no doubt will again. We help organisations fight cyber criminals on a battleground where you can win.

Q. How can you help?

A.

Our approach is all about managing the risk. We are technology providers but we focus less on the tech and more on the problem (and of course, finding the solution that's right for you).

We'll help you assess your current arrangements, review your strengths and weaknesses and analyse your needs and vulnerabilities - and then we'll help you fill the gaps in your strategy and technologies (naturally after you've read the evidence and seen your own individual proof of concept reviews).

Our focus is on detection and mitigation (because it's virtually impossible to stop every attack, all the time). To this we add investigation and analysis activity that makes you stronger at repelling cyber and insider attacks in the future too.

Every business has different ways of working, with different needs, and an individual appetite for risk. 

We help develop the right approach to protect your business, its vital information and secrets, and your organisation's essential reputation by assessing and mitigating the risk.


Q. Are cyber threats the biggest threat to an organisation's data and secrets?

A.

This is a hard one to answer because for some people, in some industries, the answer will be: yes, cyber criminals will be a massive threat to security (it's believed that the National Grid is under attack constantly from cyber criminals and terrorists). But for others, rogue or malicious insiders will be a bigger threat than unknown people in faraway places. Neither route is ignored by organisations that value their reputation. The layered approach favoured by GCHQ is a holistic one. We recommend a robust and risk-savvy cyber security defence system based on detection rather than prevention. But we also recommend a series of IT and data security measures, as this reinforces the protection and makes life difficult for any cyber attackers who do get inside the perimeter, and it stymies the careless or malicious insider too. We also have a series of digital forensic technologies, which can prove compliance and track criminal activity.

Q. Is cyber crime only a big risk for big business or are SMEs under threat too?

A.

SMEs are increasingly becoming a target for cyber criminals, and have always been at risk from rogue or careless insiders. Every business has data or information worth stealing, even if it's just potentially embarrassing or revealing emails between executives. Small and medium-sized organisations are not always as well equipped as very big businesses to deal with the fallout. A recent study showed that 60% of small businesses fail within six months of a data breach. A layered approach to cybersecurity and IT protection is both an investment and insurance for an organisation, no matter what size it is.

John Allan, National Chairman, Federation of Small Businesses (FSB), said: “Cyber crime poses a real and growing threat for small firms and it isn’t something that should be ignored. Many small businesses will be taking steps to protect themselves but many others have not recognised the increasing threat and have neither adopted technologies nor strategies to defend against cyber crime. For those that don’t, the cost of cyber crime can be a barrier for growth and in the worst cases, can put a firm out of business. While we welcome action from the government and the wider public sector, there are clear actions that businesses can take to educate and help themselves to counteract cyber crime. The FSB would strongly encourage them to do so.”

Q. Will we already know if we've been hacked?

A. No, not necessarily. Advanced cyber or insider threats can sit on a device or network for a very long time before anyone realises they are there (as Sony recently found out). A study by HP, in partnership with a cyber security think tank and research centre, revealed that, on average, a threat lies undiscovered for some 170 days. The risk, however, is that the longer a threat is on a system, the more damage it can do. Sony is a good example of this. The hackers may well have had access for almost a year, without anyone realising it. This is the reason we recommend that detection, rather than prevention, is the cornerstone of a cyber security and IT security strategy today. It can cut down the time a threat is within the perimeter from months to minutes. It's risk management at its best. A threat has minutes to do damage instead of many months of wreaking havoc.


© Avatu Ltd. The content on this website is owned by us and our licensors. Do not copy any content (including images) without our consent.