Businesses rely too heavily on technology to fight cyber threats. Risk management, processes and skills are crucial weapons.
While technology undoubtedly plays a major role in combating digital threats, other areas are too often neglected. Tellingly, mid-market business leaders surveyed in Grant Thornton’s International Business Report (IBR) say that over-reliance on software is their weakest point in managing cyber and privacy-related threats.
It’s encouraging that business leaders acknowledge this. But now they must act, by improving their employees’ awareness and specialist skills in cyber security.
A new form of education is necessary
Managers can address this by boosting awareness of cyber security issues across the business. But how to do this effectively? Businesses have been running cyber security webinars and mandatory training programmes for many years, yet human error continues to open them up to cyber attack.
Businesses need to understand where they are vulnerable to cyber attacks and data-protection breaches before investing in preventive software. This requires specialised skills that most cyber security functions don’t have.
“Businesses need cyber security and privacy-related skillsets to help map out their data and understand their regulatory requirements – particularly in a cloud environment”, says Jean-Hubert Antoine, Chief Information Security Officer (CISO) at Grant Thornton Luxembourg. “They also need cyber technology skills around the technologies they are using.”
Understanding that there is more to managing digital risk than relying on technology is just the first step. Companies must then take a number of non-tech measures to protect themselves and better manage the human risk.
This doesn’t necessarily mean spending more money. In many cases, companies will be able to taper technology spending as they strengthen and invest in their business acumen, processes and in-house skills.
Customer trust is built on more than technology
It is essential that businesses understand that investing in technology is not the only answer to reducing digital risk, and that it will not protect them from losing customer trust should the worst happen.
A key starting point for companies is understanding the type of business they’re in, and the value they deliver to the customer. Once this is understood, companies will have a clearer idea of the potential impact a breach would have on that relationship, and can better work out how to mitigate it through a range of measures. Internal governance, processes and people are the other crucial ingredients here.
Insure against the inevitable
“There are only two types of companies: those that have been hacked and those that will be. And even they are converging into one category: companies that have been hacked and will be hacked again.” Words of former FBI director Robert Mueller back in 2012.
His message is clear – and just as relevant today as it was seven years ago: a breach is inevitable. It makes a strong case for investing in insurance as another way to manage digital risk.
Meet our expert Jean-Hubert Antoine, Chief Information Security Officer (CISO) at Grant Thornton Luxembourg, and implement the most relevant training initiatives, security governance and insurance coverage.