(ID999) INCIDENT RESPONSE - Tel: UK 0044 1732 897 601

Cyber Security & Risk Management

What is risk management?

Risk management is an essential part of good management practice and features prominently on the agendas of senior managers and board members. Whilst risk management applies to all areas of organisational activity its relevance is particularly clear in relation to projects, particularly projects with an IT or systems component. It is probably fair to say that risk management is the single most important component of project management. BII consultants are very adept at working with companies to help them manage risk as part of a methodical approach.

Definitions of risk

In most project management methodologies, risk tends to be viewed in a very negative sense. It is generally defined in terms of something that might occur to adversely affect you achieving your goals. BII help companies broaden that definition and we suggest that risk may not always have an adverse impact. Our philosophy is to say that risk is not necessarily something going wrong – it is simply something turning out differently to how you expected or planned for. This view allows the possibility that risks can be turned into opportunities if managed effectively. To be a bit more specific, risk is: ‘A future event (or series of events) with a probability of occurrence and the potential for (a) loss or (b) impact on objectives that can be either positive or negative.’ It is therefore more accurate to say that this is not just about risk management rather it is concerned with risk and opportunity management.

Evolving technology and costs

Last year the cost of global cybercrime was estimated to be USD388bn – with an individual falling victim to a form of online crime every 19 seconds.

In today’s inter-connected and ever transit/mobile world, every element of society including government, industry, commerce, charity, health, education and individual citizens is increasingly at risk as more and more sensitive data is stored on a computer system somewhere in the world. The risks are constantly evolving as technology develops, and they are likely to become more acute as a new generation of smartphones effectively become mobile wallets, which will place ever greater volumes of personal and financial data at risk.

Why is risk management important?

 Risk management is fundamentally about making better decisions. In IT, as in any other environment, you can’t decide not to take risks, that simply isn’t an option in today’s world. All of us take risks and it’s a question of which risks we take. BII can help companies to evaluate their approach to risk and give practical advice on how to manage the risks businesses must take. By understanding what ‘risk’ means, the spectrum of differing attitudes towards risk, and a basic process framework for managing risk, we can not only mitigate against unwanted risks but turn challenges to opportunities. This resource covers some basic ground rules and approaches, and provides some templates to get you started and enable you to tailor the approach to be fit for your purposes.

Cyber Security

For  the first time, the Government and intelligence agencies are directly targeting the most senior levels in the UK’s largest companies - company boards, their Chairs and Chief Executive Officers - and providing them with advice on cyber security threats.The new Cyber Security Guidance for Business looks at how to safeguard a company’s most valuable assets, such as personal data, online services and intellectual property. It is designed to reinforce the idea that this is a strategic risk that needs to be managed at board level. Business Secretary Vince Cable said:

“Cyber security threats pose a real and significant risk to UK business by targeting valuable assets such as data and intellectual property. By properly protecting themselves against attacks companies are protecting their bottom line. “Ensuring this happens should be the responsibility of any chief executive or chair as part of an approach to good corporate governance which secures a business for the long-term.”

Quote by David Cameron PM

The United Kingdom faces a complex array of threats from a myriad of sources. The National Security Strategy describes the strategic context within which these threats arise, and how they may develop in the future. It describes Britain’s place in the world, as an open, outward-facing nation whose political, economic and cultural authority far exceeds our size. Our national interest requires our continued full and active engagement in world affairs, promoting our security, our prosperity and our values.”