Organisations are being asked by regulators, partners, and other stakeholders to improve their cyber security risk management process. As cyber risk becomes recognised as a business risk both senior executives and operations security managers are seeking greater visibility of those risks and access to tools that will help mitigate them.
Read MoreMuch has been written about the growing and increasing maturity of the cyber security insurance market. There is also no shortage of (rather depressing) surveys of companies and breaches to give scale to the size of the cyber security problem. In Australia the research done on past breaches by ACSC led directly to the formulation of the Essential 8 cyber mitigation strategies.
Read MoreWhether as a result of increased governance at Board level or simply improved performance management practice, cyber risk measurement and management is now acknowledged as an important 360-degree risk mitigation strategy to support your corporate risk management responsibilities.
Read MoreGrowing, mid-size companies that want to avoid or survive cyber crime face a tricky challenge as they are often overlooked.
Read MoreIt is widely acknowledged that all businesses can be victims of cyber crime, suffer data loss, get hit by ransomware or fall victim to some other form of cyber attack – the “when, not if” maxim in cyber security circles. However, for SMEs, facing up to this fact is difficult.
Read MoreFor people who have been working in security for some time there has been an evolution in communicating cyber crime risks to the board; this has gone through several phases from initial disinterest, through necessary but begrudging acceptance to a point where now measurement of the state of key risk indicators is actively sought.
Read MoreNo company wants to be the target of cyber criminals. Attempts to steal data, IP and personal information, encrypt data to get money or create botnets for mounting other forms of attack are increasing all the time. The cyber security challenges that companies encounter continues to grow in the face of an increasingly organised and hostile Internet-based criminal fraternity.
Read MoreIt is getting almost stale to be warning about the need to assure security throughout the supply chain. Most businesses have had third party assurance programmes in place for many years and are well versed with the challenges and struggles in the fight against cyber crime.
Read MoreIt has been said that “If you can’t measure it, you can’t manage it” (Peter Drucker).
That may not apply universally (most rules have exceptions), but it is an interesting way to look at cyber crime; or more accurately the ability to withstand and/or recover from a cyber crime attack.
Read MoreIn a previous blog post we looked at how a security scorecard can be used to monitor your organisation’s compliance against a predefined set of controls, such as the Australian Cyber Security Centre’s (ACSC) recommended Essential Eight (E8). By selecting a security framework like E8 you’ve already made a risk management decision; you’ve acknowledged a set of risks against which you want to protect your enterprise. But don’t stop there. By routinely making these measures you can benchmark your security posture over time for continuous risk management and quality improvement purposes.
Read More