The Case for Cyber Security Risk Management

We’ve all heard the headlines about data breaches at the likes of TalkTalk, Metro Bank, Wonga, and Yahoo. But unless you are really tech-savvy, ‘cyber security’ probably has quite a vague meaning to you; you might be in some doubt as to its relevance to your business; the whole area appears to many business bosses so baffling and complex to address that it is dumped into the box marked ‘too difficult’ and given a good stiff ignoring.

But that is a dangerous course of action. As the report ‘The cyber threat to UK business 2017 – 2018’, produced by the National Cyber Security Centre (NCSC) and the National Crime Agency (NCA), makes clear:

“Cyber-attacks have resulted in financial losses to businesses of all sizes. The costs arise from the attack itself, the remediation, and repairing reputational damage by regaining public trust. Attacks have also triggered declines in share prices and the sacking of senior and technical staff held to account for massive data breaches. The enforcement of the General Data Protection Regulation (GDPR) in May 2018 could, under certain circumstances, lead to severe fines for organisations which fail to prevent data breaches”.

NCSC

Gulp. So, it’s pretty relevant to a business of any size. And just what kind of figures are we talking?

  • According to a report from IBM’s Ponemon Institute (‘Cost of a Data Breach 2018: Global Overview’), the global average cost of a data breach was an eye-watering £3 million.
  • Moller-Maersk (quoted in the NCSC/NCA report above) reported an expected loss of revenue of €350m from the NotPetya attack of June 2017.
  • The UK Information Commissioner's Office intends to fine British Airways £183m (1.5% of their worldwide turnover in 2017) after more than half a million customers' data was stolen by hackers from its website and mobile app, according to a report in the Financial Times (8 July 2019).

You don’t all suddenly need to become cyber security experts, but you do need to understand enough to make your defence stronger. As Ciaran Martin, CEO of the NCSC, puts it:

“…cyber risk is a business risk. And it needs to be treated like one. That means you have to understand it. People at board level need to understand the basics – and I stress, basics – of cyber-attacks, cyber risks and cyber defences. That’s daunting, but it is doable. It’s essential.”

Ciaran Martin, NCSC (CBI Cyber Conference, Sept 2018). 

The good news is, you’re not on your own here. As in much of life and business, there are experts on hand; people with the tech know-how and the real-world experience to guide you through and ease the pain points.

At Hexegic we have developed a means of helping board members and technical teams to communicate about cyber security and identify where defences are weak. Our product, Vue Risk, is based upon an infographic methodology that is used to manage risk across hazardous industries, such as aviation and oil and gas.

We can help any business or organisation quickly get a picture of their cyber security position – and how to improve it – within a short consultation. And you can trust us that Vue Risk produces accurate, actionable information because we are an NCSC Assured Service Provider for risk assessment and management.

We’ll also be blogging regularly over the next couple of months on the 10 key steps to cyber security advised by the NCSC – achievable, practical steps that you can take, whatever the size of your set-up, to minimise the risks and protect your business, ensuring you don’t become the next hack to make the headlines.