Caught without a code

Most of us are ignorant of the hazards of technology – and there is no equivalent of the “highway code” to guide us

The younger generation has grown up with a lifetime of trust in handheld devices and intelligent environments. Our personal cyber security risk now extends across all aspects of our lives: in our homes, during our travel, and in our schools and workplaces.

When the motorcar was invented, a man walked in front of it with a red flag and its speed was limited for safety reasons. As technology and legislation have advanced, the perceived risk in travelling on a modern road has fallen. This is partly because every UK driver has to pass a test and adhere to clear rules and controls if they wish to drive on a public road.

As yet, there is no Highway Code equivalent for using a computer or other device on a network, and the majority of us are relatively blind to the risks as we zip around the virtual landscape. We can buy anti-virus software and firewalls, but few understand them, or know what is good or bad. Without a code, we are left to apply our own judgments on what is safe and appropriate. In fact, many give no thought at all to this, or just assume that manufacturers and internet providers have safeguards “built in”.

While to a degree individuals can get away with blissful ignorance as the risk radius is relatively small, companies have a broader responsibility to their employers, customers and communities. While it’s the reputational harm to high-profile brands and individuals that most often makes the news, companies should be aware that malicious attacks can see their intellectual property stolen, their privacy compromised and their assets damaged.

Codes are emerging throughout the industrialised world, and in the UK we have the Cyber Essentials scheme. This is a minimum layer of controls for risk mitigation. For many types of central government contracts this is mandatory, and it is being encouraged for local government and related agency contracts. It is also being adopted and built upon throughout the supply chains of the largest companies in the UK and the world. Cyber Essentials will likely be the future for all companies working in and supplying to the UK.

The National Cyber Skills Centre was set up in 2013 to raise awareness of cyber risk, to promote adoption of Cyber Essentials, and to provide employers with a cost-effective and credible series of awareness and knowledge development courses.

Can we insure against cyber risks in the same way as other business risks? In short, this is an emerging area and the UK is following the lead of America. But with certainty, it is those with appropriate controls, governance and policies to address the threats that will get the lowest premiums, and those without may be uninsurable. Cyber security is a risk that may become very expensive, if not impossible, to buy a way out of.

Prof Richard Benham is a professor of cyber security management and Dr Stephen Wright is general manager at the National Cyber Skills Centre

To read the original article, click on the link below and go to page 23.

View the full report