Tackling cyber risk a 'team sport', says Birdsey

Out-Law News | 14 Aug 2018 | 1:41 pm | 1 min. read

The results of a recent survey of UK businesses shows that many companies could be underestimating the cyber risk they face and the challenge of managing security incidents, an expert has said.

Cyber risk and insurance expert Ian Birdsey of Pinsent Masons, the law firm behind Out-Law.com, said it is concerning that more than half of UK businesses believe they can go it alone when dealing with cyber risk.

A survey by business continuity and IT disaster recovery provider Databarracks found that 56% of UK companies believe they have sufficient cybersecurity skills in-house to deal with threats. The views of more than 400 IT decision makers were reflected in the survey results.

According to the survey, there are positive trends in the way UK businesses are addressing cyber risk.

There was an increase recorded in the proportion of businesses surveyed that said they have invested in cybersecurity safeguards, reviewed and updated their cybersecurity policies, and used cyber threat monitoring software in the past 12 months compared to in 2016. Databarracks also said the figures show more businesses are employing chief security information officers and increasing IT security budgets than in previous years.

Birdsey said: "Addressing cyber risk has become a boardroom issue given the increasing volume of attacks that businesses are facing and the high-profile coverage of breaches. It is therefore not surprising to see that a growing number of companies are taking various organisational and technical measures to safeguard the security of their corporate networks and data and meet their regulatory obligations."

"The steps businesses are taking perhaps give the majority of respondents to the survey the confidence to state that they have sufficient cybersecurity skills in-house to deal with threats. However, tackling cyber risk and managing security incidents effectively represents a major challenge to even the largest and best resourced businesses. It is vital that businesses do not underestimate the scale or complexity of the risk they face and engage third party experts to help them, among other things, thoroughly investigate breaches when they occur, manage communications to affected individuals and meet their legal and regulatory obligations," he said.

"Dealing with cyber risk, including managing a security incident, is a team sport and it is imperative that organisations practice in advance of a live incident. The combination of the ever evolving cyber threat landscape together with the complexity of the General Data Protection Regulation (GDPR) and getting to grips with the new landscape means that external assistance is critical for the successful management of cyber issues," Birdsey said.