We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
78,713 News Articles

ISF launches guide to help businesses prepare for cyber attacks

Companies need to have board-level buy-in

The Information Security Forum (ISF), an independent information security body, has launched a report giving advice to businesses on how they can prepare their organisations for cyber threats.

Cybercrime is now the third biggest crime problem experienced by UK businesses according to the 2011 PricewaterhouseCoopers (PwC) Global Economic Crime Survey.

In 2010, the UK government also detailed cybercrime as a 'tier one' risk to Britain, alongside terrorism, international crises and natural hazards, and earmarked £650 million over a four-year period to fight against cyber attacks.

The report, 'Cyber Security Strategies: Achieving cyber resilience", was produced after a meeting 300 of the ISF's members, which include companies on the Fortune 500 and Forbes 2000 lists.

Although the ISF believes that information security "has a voice at the table", one of its key recommendations from the report is that businesses get C-level buy-in for their cyber security strategies - a reiteration of a recent Chatham House report on cyber security.

"Cyber security is not an information security issue. It's a business issue," said Michael de Crespigny, CEO of ISF.

De Crespigny said that establishing the governance with enough power to enable the other recommendations made by the report is crucial.

The C-level director responsible for the cyber security strategy can help the organisation get a better sense of their situational awareness and to assess their cyber resilience, he said.

In addition, senior management support will help organisations to connect different functions within the business, which can work together to develop the response mechanism they need to put in place for communicating with affected customers and stakeholders following a cyber attack.

Meanwhile, the more successful a company, the greater the need for it to be resilient and prepared in the face of a cyber attack, de Crespigny said. He gave the example of the Sony hack, which affected millions of account holders.

"The impact of cyber crime has a very long tail. A breach has lasting impact. The impact of incidents is magnified by the success of the company on the internet," he warned.

Available free to ISF members, the report will go on sale to non-members on Monday.


IDG UK Sites

Motorola Moto G vs Nokia Lumia 530 comparison: What's the best budget smartphone

IDG UK Sites

Everything you need to know about Apple's iPhone Camera in iOS 8

IDG UK Sites

Why you shouldn't trust password managers

IDG UK Sites

How to make an 'Apple iWatch' using an iPod nano and a 3D printer