The answer to this is very common. A report published on behalf of the Department of Business Innovation and Skills said:
The impact of security breach can be counted in pounds and pence. But it's also measured in lost business, lost jobs, lost confidence and reputation damage. In strict cash terms, a report commissioned by the Department of Business Innovation and Skills discovered that security breaches cost up to £1.5m each to deal with and put right. For small businesses, the average cost is £65k to deal with the worst breach of the year.
Cyber security is a very sensitive subject. Revealing a hack or a data leak can bring serious reputation damage, which means that discretion is essential for everyone involved, including our partners and our clients. A report for the Department of Business Innovation and Skills revealed that 70% of all cyber attacks go unreported. We only hear about some of the super hacks, and we rarely find out about the smaller ones. But ignorance is not bliss when it comes to cyber security. Just because you don't know about it (yet), doesn't mean it's not happening or doing damage. Facing the issue head on, and looking for the threats that have already got through, might be painful in the short-term but it will equip you to deal with the future in a better way.
According to the former FBI Director, James Comey: “There are two kinds of big companies...There are those who’ve been hacked…and those who don’t know they’ve been hacked." Cyber criminals are bombarding businesses on both sides of the Atlantic with up to 117,000 attacks a day. Still, companies continue to pin their cyber security and their valuable reputation on prevention, rather than detection. Our approach is different; it's more risk savvy and realistic. Like the former FBI chief, we accept a systems breach has probably already happened - and no doubt, will again. We help organisations fight cyber criminals on a battleground where you can win. We help growing organisations protect their systems and data with more protection beyond traditional perimeter. And help them put in place technologies which significantly reduce the threat introduced by the people within and around a business: technology which reinforces training as well as monitors and tracks risky activity which falls outside of your data policies.
Our approach is all about managing the risk. We are technology providers but we focus less on the tech and more on the problem (and of course, finding the solution that's right for you).
We'll help you assess your current arrangements, review your strengths and weaknesses and analyse your needs and vulnerabilities - and then we'll help you fill the gaps in your strategy and technologies (naturally after you've read the evidence and seen your own individual proof of concept reviews).
Our focus is on detection and mitigation (because it's virtually impossible to stop every attack, all the time). We add to this investigation and analysis activity that makes you stronger at repelling cyber and insider attacks in the future too.
Every business has different ways of working, with different needs, and an individual appetite for risk.
We help develop the right approach to protect your business, its vital information and secrets, and your organisation's essential reputation by assessing and mitigating the risk.
This is a hard one to answer because for some people, in some industries, the answer will be: yes, cyber criminals will be a massive threat to security (it's believed that the National Grid is under attack constantly from cyber criminals and terrorists). But for others, mistaken, rogue or malicious insiders will be a bigger threat than unknown people in far away places. But neither route can be ignored by organisations who value their reputation. The layered approach favoured by GCHQ means that approach is holistic. We focus on protection beyond the perimeter. We advocate a robust and risk-savvy cyber security defence system based on protection and detection rather than mere traditional prevention. We recommend a series of IT and data security measures which makes life difficult for any cyber attackers who do get inside the perimeter, and which reduce the impact of the careless or malicious insider too. And we have a series of digital forensic technologies, which can prove compliance and track criminal activity. It will help you identify your weaknesses and make your protection stronger in the future too.
SMEs are increasingly becoming a target for cyber criminals - and have always been at risk from rogue or careless insiders. Every business has data or information worth stealing, even if it's just potentially embarrassing or revealing emails between executives. Small and medium sized organisations are not always as well equipped as very big businesses to deal with the fall out. A recent study showed that 60% of small businesses fail within six months of a data breach. A layered approach to cybersecurity and IT protection is both an investment and insurance for an organisation - no matter what size they are.
John Allan, National Chairman, Federation of Small Businesses (FSB), said: “Cyber crime poses a real and growing threat for small firms and it isn’t something that should be ignored. Many small businesses will be taking steps to protect themselves but many others have not recognised the increasing threat and have neither adopted technologies nor strategies to defend against cyber crime. For those that don’t, the cost of cyber crime can be a barrier for growth and in the worst cases, can put a firm out of business. While we welcome action from the government and the wider public sector, there are clear actions that businesses can take to educate and help themselves to counteract cyber crime. The FSB would strongly encourage them to do so.”