ISF launches guide to help businesses prepare for cyber attacks

Companies need to have board-level buy-in

The Information Security Forum (ISF), an independent information security body, has launched a report giving advice to businesses on how they can prepare their organisations for cyber threats.

Cybercrime is now the third biggest crime problem experienced by UK businesses according to the 2011 PricewaterhouseCoopers (PwC) Global Economic Crime Survey.

In 2010, the UK government also detailed cybercrime as a 'tier one' risk to Britain, alongside terrorism, international crises and natural hazards, and earmarked £650 million over a four-year period to fight against cyber attacks.

The report, 'Cyber Security Strategies: Achieving cyber resilience", was produced after a meeting 300 of the ISF's members, which include companies on the Fortune 500 and Forbes 2000 lists.

Although the ISF believes that information security "has a voice at the table", one of its key recommendations from the report is that businesses get C-level buy-in for their cyber security strategies - a reiteration of a recent Chatham House report on cyber security.

"Cyber security is not an information security issue. It's a business issue," said Michael de Crespigny, CEO of ISF.

De Crespigny said that establishing the governance with enough power to enable the other recommendations made by the report is crucial.

The C-level director responsible for the cyber security strategy can help the organisation get a better sense of their situational awareness and to assess their cyber resilience, he said.

In addition, senior management support will help organisations to connect different functions within the business, which can work together to develop the response mechanism they need to put in place for communicating with affected customers and stakeholders following a cyber attack.

Meanwhile, the more successful a company, the greater the need for it to be resilient and prepared in the face of a cyber attack, de Crespigny said. He gave the example of the Sony hack, which affected millions of account holders.

"The impact of cyber crime has a very long tail. A breach has lasting impact. The impact of incidents is magnified by the success of the company on the internet," he warned.

Available free to ISF members, the report will go on sale to non-members on Monday.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

More about PricewaterhouseCoopersPricewaterhouseCoopersSony

Show Comments