In this article, Dr. Richard Fallon (CMO, Cyber Risk Score) explains why it is essential that organisations across the West Midlands and beyond adopt a basic level of cybersecurity, and suggests five key points that should form the basis of a national cybersecurity policy.
The Need for a Basic Level of Cybersecurity in the West Midlands
Businesses in the West Midlands and across the United Kingdom are sharing more information than ever before with their suppliers and their customers. This is a vital necessity if the West Midlands and the country are to increase efficiency and productivity. For example, by linking a warehouse stock control system through an ordering system to a supplier, a company can ensure it never runs short of products and there is no need for manual intervention. This simple solution also applies to construction. The ordering system can even predict when any particular product is likely to run out and order well in advance.
Companies also share operational, financial and customer data. This makes supply chains much more efficient and productive. The issue is that the data they share must also be secure. A supply chain is only as strong as its weakest link.
Supply chain resilience is regularly featured on the news. It is vital that it is improved for the survival of the businesses involved and for their customers. Companies also have a duty of care to ensure that the data they share is protected, especially if it involves IP, financial or customer information.
Data security needs to be a cornerstone of any company’s Environmental, Social, and Governance (ESG) policy. However, many consider that they only need to ensure that data is safe within their own systems. They assume that those they share data with have their house in order.
Unfortunately, CEOs and business owners often assume their systems are safe when they are not, especially if they outsource their IT. A common comment is “Cybersecurity is simple. All I need to do is regularly update my virus software.” Equally, the suppliers and customers they share data with are not safe.
These issues are highlighted by the statistics below:
- The Government’s Cyber Security Breaches Survey 2020 shows that 46% of businesses report having cyber security breaches or attacks in the last 12 months. 39% of these were negatively impacted in terms of fines, fixes, lost time and lost business.
- IBM reports that the average data breach costs $3.6m (£2.6m).
- “40% of small business do not regularly update software and a similar proportion do not back up data.” The Federation of Small Businesses
- “A small business in the UK is successfully hacked every 19 seconds” Hiscox 2021 Cyber Report
What is required is a basic level of cybersecurity. We have identified five key points that should form the basis of a national cybersecurity policy. This will support UK businesses and allow them to freely share data, benefit from improved productivity and efficiency and so generate prosperity for the West Midlands and the UK.
1. Regular Vulnerability Scanning
Regular vulnerability scanning including an easily understood score which can be shared with suppliers and customers is vital. This would involve a monthly scan of a company’s web site which would produce a score, list of vulnerabilities found and a report detailing the issue and its solution. As most cybersecurity breaches start with hackers gaining access to a company’s web site and so on into their e-mail and other systems, this is vital.
2. Employee Training
It is vital that employees receive cybersecurity training. One of the biggest cybersecurity threats is ransomware. This is usually installed when an unsuspecting employee clicks on a link, downloads a file etc from an email. Once a hacker has penetrated a company’s web site, they will gain access to the email server and start sending files etc from genuine email addresses.
3. ESG Training for C-suite individuals
It is important that the CEO and Board understand their duty of care and develop or update their ESG policy. Investors are more attracted to companies with a solid ESG policy while shareholders expect a company to have this in place.
4. Cyber Insurance
It is highly recommended that, once a business has put in place basic cybersecurity measures, it gets itself insured. No system will ever be 100% hacker-proof. Companies need to put in place cyber insurance.
5. Supply Chain Monitoring
It is vital that companies monitor the cybersecurity of the businesses they share data with. They have a duty of care to improve their supply chain resilience and ensure the data they share is properly protected. They need a simple way to assess the cybersecurity stance of their suppliers so they can determine who they can freely share data with and who needs to improve their stance before they do.
Cyber Risk Score helps companies to assess their internal and supply chain cybersecurity. It provides an affordable solution which gives users each month an easy to understand cybersecurity score out of 1,000 and a report listing the vulnerabilities found along with their resolution. This score can be easily shared with customers and suppliers so companies can monitor the cybersecurity of their supply chain.
These are five simple steps that any business can take to monitor, improve and prove their cybersecurity. They also help to improve the cybersecurity and resilience of their supply chains allowing increases in productivity, efficiency and prosperity in the West Midlands and across the UK.
About Dr. Richard Fallon
Dr. Richard Fallon completed his PhD in Electronic Engineering at Aston University in 1998. He went on to become a Business Analyst for British Airways for four years before moving on to a senior BA role at npower. In 2004, he set up his own business. Since then, he has had a focus on marketing with a passion for technical projects and solutions, including promoting the support that universities offer to local manufacturing, engineering and tech companies.
This led to an interest in supporting these companies in achieving productivity and efficiency gains by sharing more data. This can only happen when all parties concerned know that their data will be safe with the others. Richard is the CMO for Cyber Risk Score which provides companies with an affordable monthly cybersecurity score and report with recommendations on how to improve it.