Decision-makers should take cybersecurity seriously!

I have conversations with the decision-makers in businesses and organisations on a daily basis around the subject of cybersecurity.

On occasion, I find it alarming how often they base their lack of preparedness to implement the basics of a cybersecurity strategy with weak justification.

The reasons include… “I haven’t got time”, “we’re too small to be targeted”, “I am not interested”, “I don’t have any budget”.

I talk about risk assessment with them, citing real-world experiences in small businesses where all of these responses are blown out of the water. This is because really affordable (often free!), easy-to-implement procedures elevate an organisations defences to a far safer level.

Cybersecurity and the Metropolitan Police…

I have just attended a cybersecurity conference hosted by the Metropolitan Police at the Emirates Stadium – the home of the football team (for my sins) I support. Whilst my motivation is, in part from a business perspective, the Met Police’s motivation is simple: crime prevention.

The attendees were not only mainly small businesses but also a surprising number of IT support companies. I approached a couple of them and asked why they were there. Their answer was enlightening. No – not to network and win new clients. What they were there for was to help get answers to these three simple questions:

  1. How to get decision-makers to engage with cybersecurity.
  2. How to get them to really assess cyber-risk.
  3. How to convince them to implement the systems they need to mitigate these risks at a level that is acceptable to their business.

There were some useful points made by the speakers. One that I found enlightening was the concept of “game-ifying” the problem. The University of Lancaster and subsequently Bristol Uni have developed a game with Lego – yes Lego – where the players are responsible for protecting the security of a fictitious company.

By getting the players to step out of their daily routine and start to objectively assess another business’s cyber-vulnerabilities, they are actually getting to look at those three questions itemised above.

If you are interested in playing the game or discussing the issues I have highlighted here, please get in touch by giving us a call on 020 72 41 22 55 or fill out our contact form and we’ll quickly get back to you.