According to the UK Government’s Department for Science, Innovation and Technology’s Cyber Security Breaches Survey 2024, 74% of large businesses report having experienced some form of cyber security breach or attack in the last 12 months.
A serious cyber incident can generate significant operational costs, legal consequences and reputational damage. IBM’s annual ‘Cost of Data Breach Report 2024’ suggests the global average cost of a data breach in 2024 is £3.7 million. This is a 10% increase over 2023 and the highest total ever recorded in their study.
Managing cyber risk is an ongoing process in which those managing businesses need to know how to create the right environment, be provided with the right information to support decision-making and be able to take steps to manage the risks effectively. In this article, Tim Robinson, Partner in Crowe’s Forensic Services team, lists five important cybersecurity elements that those in leadership roles need to be aware of and consider. On a positive note, depending on the nature of your business, many of the elements listed may already be required from a compliance perspective.
Effective governance involves establishing clear policies, procedures, and oversight mechanisms for cybersecurity. A comprehensive framework should be deployed that integrates cybersecurity into the overall governance and risk management strategy of the organisation. Without strong governance from leadership, a lack of accountability can develop and generate weaknesses in resilience.
Cybersecurity threat intelligence, such as dark web monitoring to identify possible new attacks, is crucial for large organisations to respond proactively to the continually evolving risk. It helps businesses to anticipate and prepare for potential cyber threats by providing insights into emerging threats and tactics, helping to prioritise resources and improve resilience. In addition, IBM’s 2024 research found that organisations investing in security AI and automation saved on average £1.7 million when impacted by an incident, compared with those that did not.
Having a well-defined incident response plan is essential. In the event that a cyber attack against you succeeds, having invested in post-breach response preparedness can dramatically save time and lower breach costs. Leadership has a critical governance responsibility to manage the response.
Human error is a significant factor in many cyber incidents. Regular training and awareness programmes for employees can help in recognising and avoiding phishing attacks, social engineering, and other common threats. A culture of cybersecurity awareness can significantly reduce the risk of breaches. Employee awareness should reflect the new tactics cybercriminals are using, for example, the use of deepfake technology to make phishing campaigns appear more credible. Read more about this in one of our recent ‘Can you spot a deepfake?’ Forensic Fundamentals posts.
As the cyber landscape continues to develop rapidly, leaders of large or listed businesses need to continue to equip themselves with the knowledge to carry out their roles effectively. Senior management and boards have an important oversight role and can’t simply leave this risk to the technologists in the organisation to manage.
Visit our cybersecurity page or contact Tim Robinson for a discussion about Crowe’s cyber services and how we support businesses in this area.