Cyber Security Is Not An IT Risk

Cyber, information and computer security: this highly technical subject sounds as if it should be a risk that falls within the IT department, but there is clear evidence that the responsibility sits elsewhere in the organisation.

Cyber Security: An Enterprise-Wide Operational Risk

Cyber security is very much an enterprise-wide operational risk. According to the banking regulation Basel II, operational risk is defined as: "The risk of loss resulting from inadequate or failed internal processes, people and systems or from external events."

Information is everywhere in an organisation: almost all personnel use electronic devices and plug in the occasional memory card or USB drive. Depending on authorised levels of access, information, even sensitive information, can be available at the touch of a button. An information leak can have a devastating effect on an organisation’s reputation, clients and bottom line.

Information security is not only about an organisation’s systems being hacked from an external source; it is just as much about protecting all the information held by the organisation. Everybody in the organisation needs to be aware of his or her responsibility when it comes to information security. Even more importantly, everybody who has access to electronic records needs to be aware of cyber security and how to keep electronic data from falling into the wrong hands.

EU’s General Data Protection Regulation 2018

With the EU’s General Data Protection Regulation (GDPR), which was approved in mid April 2016 and comes into effect in 2018, companies holding personal information will have to take information protection even more seriously. Hefty fines and reputational damage can be the result of not following the new law.

Develop A Risk Strategy

The onus falls on the leadership, the board, to stress the importance of information security to staff. It is the board that needs to set the requirements and develop a strategy tailored to the risk.

Areas of consideration for a cyber risk strategy:

- Information protection and cyber policy
- Training
- Controls
- Response plan
- Review outsourced functions
- Cyber risk insurance

A well-defined strategy should be the first step towards defined ownership of cyber security risk and incorporating it in the organisation’s enterprise risk management.

We can help you get started by educating your staff or providing you with a cyber security health check. Contact us to see how we can help:

Risk Management London

RML House
12 Dunster Court

Office +44 (0)208 2070 452
Help Line +44 (0)7775 900 333