Ely, England, 2 December 2013 – The British government’s efforts to incentivise UK businesses to do more about cyber security should be applauded, says IT Governance Limited, but must be reinforced with clear leadership and practical next steps.
A new survey by the Department for Business, Innovation and Skills (BIS) has revealed that only 14% of British FTSE 350 firms are regularly considering cyber threats, despite the increasingly high level of online crime.
Alan Calder, founder and Executive Chairman of global cyber security services provider IT Governance, says, “Whilst the government is demonstrating determination to tackle the growing cyber threat, it seems that it has so far failed to strike the right note with UK businesses. It is correct to point at the problem, but it also has to take the lead and point at the solution.”
On 26th November BIS published a research report on UK Cyber Security Standards, which recognises that “the timely availability of relevant and appropriate cyber security standards with which organisations can develop and demonstrate their cyber security abilities and credentials” is a major factor for boosting the UK’s “collective maturity and confidence in this area”.
The report revealed that ISO 27001 is the most frequently adopted standard by a significant margin, yet the government seems slow in its decision to identify a standard which meets its own requirements as well as business needs.
Calder, who is also the author of ‘IT Governance – An International Guide to Data Security and ISO 27001/ISO 27002’, warns, “Cyber security is a challenge we all face today – not tomorrow. Cyber criminals are acting now and they are targeting our data and stealing our money. UK organisations need a clear direction, a step-by-step approach as to what they need to do in order to protect themselves from cyber crime and, with this, British intellectual property and economic success.
“Every business, from the boardroom down, needs to be constantly vigilant, continually assessing and improving cyber security. UK businesses will be wise to turn to ISO/IEC 27001, which is a globally recognised best practice standard for protecting systems and data. The standard is suitable for all organisations, from SMEs to FTSE 350 companies, and enables them to address IT security as a competitive differentiator.”
The latest ISO survey shows that there are over 19,500 ISO 27001-certified organisations worldwide and this number is growing steadily.
The IT Governance Boardroom Cyber Watch Survey 2013 revealed that, according to 74% of respondents, customers prefer dealing with suppliers with proven IT security credentials, while 50% say their company has been asked by customers about its information security measures in the past 12 months.
Calder adds, “And remember, it’s not just your business but also your supply chain that needs to adhere to ISO/IEC 27001. Any gap or weak link in the chain will be found and exploited in cyberspace.”
The benefits from implementing ISO 27001 are multifaceted and have an impact on all business areas from IT and finance to marketing and sales.
For more information on ISO 27001 visit: www.itgovernance.co.uk/iso27001.aspx.