Connect with us

Business

National Cyber Security Centre warns boards that it’s time to get technical

National Cyber Security Centre warns boards that it’s time to get technical

The head of the Government’s National Cyber Security Centre (NCSC) today warned boards that they ‘need to get technical’ to understand the cyber risks facing their businesses.

At a speech delivered at the annual CBI Cyber Security conference, Ciaran Martin, the CEO of the NCSC, called on board members to rise to the cyber security challenge by improving their cyber security literacy.

In particular, Mr Martin stressed the importance of understanding the basics of cyber-attacks, cyber risks and cyber defences to be able to more effectively direct their organisation’s response to threats.

He also flagged the cyber security risks facing the UK from nation states – including Russia – as well as large-scale criminal cyber activity.

The five questions the NCSC is recommending boards ask are:

  1. How do we defend our organisation against phishing attacks?
  2. What do we do to control the use of our privileged IT accounts?
  3. How do we ensure that our software and devices are up to date?
  4. How do we ensure our partners and suppliers protect the information we share with them?
  5. What authentication methods are used to control access to systems and data?

David Morris, a technology risk assurance director from RSM said: ‘The NCSC has today set out some of the high level technical questions that boards should be asking in order to protect their businesses from cyber-attack.

‘All of these questions focus on the technology and process elements of implementing an effective cyber strategy. This is clearly important and there needs to be a continuous process of maintaining and monitoring systems to ensure they remain fit for purpose. However, people risk remains a key vulnerability and it’s likely that we will hear more about this when more detailed guidance is published later this year.

‘The NCSC also revealed some of the eye-watering costs suffered by businesses that fall victim to cyber-attack. For example, one company affected by last year’s NotPetya attack, had to take a hit of up to £250m as a result of having to install 4,000 new servers, 45,000 new PCs and 2,500 new applications.

‘Another consequence of a cyber breach is the risk of breaching the new General Data Protection Regulation (GDPR). Under GDPR, penalties for non-compliance can now reach up to €20 million or 4 per cent of annual global turnover – whichever is higher.

‘Following recent high-profile data loss incidents, we also beginning to see the emergence of class actions which seek to compensate consumers for inconvenience, distress and misuse of data. This puts even more financial pressure on businesses that have fallen victim.

‘Consumer behaviour is also likely to be affected. Research released by the CBI today found that almost 9 out of 10 people say businesses that protect their data will win their custom. The corollary must be that those that don’t protect data are bound to lose out.’

Editorial & Advertiser disclosure
Our website provides you with information, news, press releases, Opinion and advertorials on various financial products and services. This is not to be considered as financial advice and should be considered only for information purposes. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third party websites, affiliate sales networks, and may link to our advertising partners websites. Though we are tied up with various advertising and affiliate networks, this does not affect our analysis or opinion. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you, or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish sponsored articles or links, you may consider all articles or links hosted on our site as a partner endorsed link.
Global Banking and Finance Review Awards Nominations 2021
2021 Awards now open. Click Here to Nominate

Recommended

Newsletters with Secrets & Analysis. Subscribe Now