TRANSCRIPT
Bruce Hallas, Director
Marmalade Box Ltd

UK Business Comparison of Information Security Incidents & Financial Impact
Corporate UK:
25% decrease in number of known incidents
Similar financial impact

SME UK:
20% increase in number of known incidents
20% increase in the financial impact

* Source: BIS ISBS 2009
Why the difference? It is about people.
Cybercriminals are targeting softer targets.
Attack techniques are changing.
Technology enables storage of large amounts of data.
Awareness & understanding amongst SMEs.
Resource restraints upon SMEs.
SME priorities.
Lack of appropriate & affordable external support.
Why should this be a concern to business leaders?

Negative Risk:
Operational
Reputational
Compliance
Productivity
Competitive
Average cost of known incident: £12,500
Average number of known incidents: 8
Total cost: £100,000

Positive Risk:
Market differentiation
Competitive advantage
New products & services
Greater profit margins
49% of ISO27001 certificates
Tender requirements
NPD
15% higher margin
What Can I Do?
Be realistic: there is no such thing as "secure".
Investment should be proportional to the impact upon overall strategy & the value of information assets.
Set your own appetite for risk; don't accept someone else's.
Ensure that appropriate controls are in place.
Ensure these are implemented, maintained and reviewed effectively.
Delegate responsibilities, always remembering your own accountability.
ISO27001:2005
2 parts: an independent & recognised management process, and a set of control guidelines.
Certification or compliance.
UKAS.
Globally recognised brand.
Most widely adopted means of assurance.
The foundation of many other security standards.
Benefits
Lower negative risk to cash flow & profitability (reasonable & appropriate).
Higher revenue & profitability by leveraging customers' negative risk.
Higher product margins & NPD.
ISO27001: Forward
1. Is there a business case for achieving certification?
2. Choose a certification partner carefully.
3. Assess whether internal resources have the skills/experience.
4. Identify appropriate external support.
5. Be realistic about timescales.