Commenting on the UK government announcement of £17 million in fines for cyberbreaches, Jon Rigby, director of cybersecurity at AlixPartners, says:
“This should be another wake-up call to UK businesses. Whilst larger corporates have the resources and expertise to mitigate the threat of a major data breach, senior executives must recognize that investment in cybersecurity is business critical, not simply a discretionary spend. With GDPR implementation just months away, CEOs must be prepared to respond to a potential data-privacy breach, at a time when wider operating budgets are under pressure.
“The threats posed to an organization’s reputation and balance sheet are very real. Over the last 12 months we’ve seen greater understanding and engagement from Board executives around the issue of information security and data privacy. This period ahead of GDPR implementation is an opportunity to broaden awareness to more of the senior team and for them to demonstrate strong top-down leadership around the issue of cybersecurity.
“Experience shows that strong security governance, controls and culture cannot be built overnight. If firms have not taken strong steps already, they will be vulnerable for months or even years, and need to take interim measures, such as compromise assessments, response training or increased insurance to manage this risk in the interim.”