Is your organization cyber aware?


Posted on: November 28, 2017 by Richard Vinnicombe

With the protection of key information assets critically important to the sustainability of organizations, they need to be on the front foot when it comes to cyber preparedness. Too often, we see cyber security treated as an IT issue rather than the strategic risk management challenge it really is.

Businesses traditionally invest in managing risks across their enterprise, drawing effectively on senior management support, risk management policies and procedures, a risk-aware culture and the assessment of risks against objectives. When it comes to cyber security, there are many benefits to adopting a risk management approach, including:

  • Financial benefits. These are realised through the reduction of losses and better ‘value for money’ potential
  • Strategic benefits. Corporate decision-making is improved through the high visibility and understanding of risk exposure, both for individual activities and major projects, across the whole organization
  • Operational benefits. The business is prepared for most eventualities, with the assurance of adequate business continuity and contingency plans.

Atos’ Information Governance, Risk and Compliance (IGRC) team has produced a set of questions to help any organization to examine its cyber security risks, specifically to ensure it has the right safeguards and culture in place.

Key questions for businesses

Protection of key information assets is critical

  1. How confident are you that your organization’s most important information is being properly managed and is safe from cyber threats?
  2. Are you clear that your organization is likely to be targeted?
  3. Do you have a full and accurate picture of:
    • the impact on your organization’s reputation, share price or existence if sensitive internal or customer information you hold were to be lost or stolen?
    • the impact on the business if your online services were disrupted for a short or sustained period?

Exploring who might compromise your information and why

  1. Does your organization receive regular intelligence from the Chief Information Officer/Head of Security on who may be targeting your organization, their methods and their motivations?
  2. Do you actively encourage your technical staff to enter information sharing exchanges with other organizations in your sector and/or across the economy to benchmark and learn from others facing the same challenges and help you to identify emerging threats?

Proactive management of the cyber risk at Board level is crucial

  1. The cyber security risk can impact share value, mergers, pricing, reputation, culture, staff, information, process control, brand, technology and finance. Is your organization confident that:
    • an information security policy is in place, which is championed by the Board and supported through regular staff training? Are you confident the entire workforce understands and follows it
    • all key information assets are identified and thoroughly assessed for their vulnerability to attack
    • responsibility for the cyber risk has been allocated appropriately? Is it on the risk register and reviewed regularly?

Taking a top-down approach to mitigating and effectively managing cyber security is a must in today’s connected world. Is your organization cyber aware?

Digital Vision for Cyber Security

This article is part of the Atos Digital Vision for Cyber Security opinion paper. We cover what every business should know about cyber security, why a concerted response is essential, and how to protect data, systems and services from any attack.

Share this blog article


About Richard Vinnicombe

Practice Leader, Information Governance, Risk and Compliance, Atos UK&I
Partner in Business Consulting Richard leads the Information Governance, Risk and Compliance Practice in Atos Business Consulting UK.  He was previously Managing Consultant at a large defence contractor responsible for information assurance and penetration testing capabilities.  Richard has led the security teams on some large public sector ICT deliveries and has delivered audits and remediation plans for household name private sector clients in many market verticals. As a subject matter expert in security accreditation, risk management and audit Richard advises clients how they can get the most value from their security investments helping to build business cases and drive real operational benefits.

Follow or contact Richard