Helping organisations to develop an effective cyber security strategy
As organisations link more and more of their operational processes to their cyber infrastructure, effective cyber security is key to their ability to protect their assets, including their reputation, intellectual property (IP), staff and customers.
While many believe their investment in sophisticated technical solutions means they're well protected from cyber attacks, this is only part of an effective defence. To counter the evolving cyber threat facing organisations today, business leaders must ensure they have an integrated approach to cyber security tailored to their particular business and risk profile, addressing not only the technical aspects of their defence, but also the people and organisational elements.
Developing an effective cyber security strategy
So, how do business leaders develop an effective cyber security strategy? From world-leading energy firms to major government departments, we've helped organisations significantly improve their cyber security and reduce risk, ultimately improving business performance. Based on this experience, we've found four areas to focus on when creating a cyber security strategy:
1. Understand the cyber security risk in relation to your organisation and critical business operations
The cyber security threat has become more complex. So, organisations must first understand what threats they face, the level of risk they're willing to accept and, based on this, the key areas for investment in cyber security.
Our cyber experts have an in-depth understanding of the threat landscape and take a risk-based approach to identifying how it impacts individual organisations.
2. Integrate across personnel, technical security, information assurance and physical security
An effective cyber security strategy must work across an organisation's security measures. It's also possible to make smart interventions in key areas of vulnerability to boost overall cyber security.
That's why we bring together world-class capability in a range of key disciplines (such as software and network security, SCADA and process control security, the insider threat and dynamic defence) with the ability to work across cyber defences and organisational functions to create or strengthen an integrated cyber security strategy.
3. Establish protective monitoring to prevent and deter the 'insider' threat
Protective monitoring offers a coherent view of cyber-related activity across an organisation and supports a positive culture to deter counter-productive behaviour. It also helps businesses address the threat posed by ‘insiders’ who – knowingly or otherwise – may perpetrate or facilitate an attack.
For example, we worked with the UK Government to help define, develop and deliver new national guidance on managing key elements of people, physical and cyber risk.
4. Accept that some attacks will breach your defences – and plan for them
Organisations need to prepare for a successful cyber attack by ensuring they have the skills and resources to quickly identify and isolate problems, determine the level of investigation and response required, and maintain business as usual. Importantly, security measures should make organisations more resilient, and not restrict core business.
We've helped clients build greater resilience from both a system and business perspective, and build learning from a cyber incident into future management.