October 2015
Cyber Security – Threats, Strategy, Standards & Benefits
An overview of the current threat landscape and the options open to professional firms, their clients and businesses generally.
What are you doing to stop me?
Threats
The latest PWC Information Security Breaches Survey (2015), commissioned by HM Government, shows that security breaches continue to grow in number and impact across large and small businesses alike. The report sampled large and small businesses across the UK, and in both size categories the rise in breaches is significant. Some security commentators say that almost all large businesses have suffered a breach but just don’t know that they have – potentially a more worrying statistic.
Of those surveyed, 59% expect the number of security incidents to grow over the coming 12 months and will continue to increase their spend to seek better protection through technology and people skills.
The impact on businesses will inevitably be measured in terms of additional costs, lost sales and reputational damage. Smaller businesses often suffer disproportionately, and some are unable to sustain the damage caused and never recover.
The nature of breaches is changing, with attacks from external sources continuing to grow. Larger businesses are more prone to attack, although smaller businesses may simply not know that they have been attacked, as the budget and resources to monitor attacks are not available. The ‘Denial of Service’ type of attack is continuing to reduce from a high point in 2013.
Whilst external attacks continue to play a large part in the breaches recorded, the Human Factor remains a big issue for large businesses in particular. The need to ensure that a security culture is developed and maintained within a business is ever more present. The acceptance of unexpected emails and the opening of their attachments is a key contributor to a breach where malware is installed and access to systems is provided to cyber criminals.
The nature of Cyber Threats continues to evolve, and the ‘defenders’ will be playing catch-up for many months and probably years to come. Although many larger businesses are focussing on this subject, the majority of the remaining business world is showing little focus, and the necessary steps are not being taken to improve the level of security provision to guard against attacks. Professional firms, especially those holding client funds, are particularly vulnerable to attacks and, by their nature, their business names, locations and people are not difficult to identify.
Strategy
In order that an improvement in security can be established, a strategy needs to be adopted. The key elements of a successful strategy include:
• Ownership from the top
It is unlikely that any potential change to an organisation that requires all members to embrace the change will be successful without leadership and commitment from the top!
• Understanding the organisation’s risks
In this instance the risk relates to the nature of the data held and/or the assets being held. The nature and degree of risk will vary from one organisation to another, for example, from sensitive personal data to Intellectual Property. Client data and/or client funds held are not only susceptible to attack, but both are readily identifiable with firms of solicitors of any size.
• Assessing the organisation’s relevant skill set
IT skills are very helpful in developing the technical approach but, as alluded to above, instigating change and developing processes requires a different skill set. A successful strategy will require both, which may not already be present within the organisation – this has to be objectively recognised.
• Deciding upon a standard to adopt or align to
The standards now available provide a solid framework for organisations to benchmark the development of the security provision, and those available are considered below.
• Developing a deployment and management plan
A plan that clearly identifies the goals of the security provision along with the necessary milestones will be an essential element in achieving an effective security provision.
• Creating a robust security culture
An effective security provision will only be as good as its weakest link, and this is usually the human involvement within the organisation’s processes. The development of a security culture that all members at every level of the organisation understand, live and encourage on a daily basis will increase the effectiveness of the security provision and costs very little to achieve, but does require a constant focus.
• Communication is vital
Establishing the security provision and the vital culture will require regular, informative and understandable communication throughout the organisation, and will need to extend to other stakeholders including clients and suppliers.
Security Standard landscape
Until 2011 the only established Security standard that businesses and organisations could adopt or align to was ISO 27001, and because of the cost of not only implementation but also maintenance, the standard was not taken up in great numbers by SMEs or even by many larger organisations.
The lack of accessible standards has now been addressed with the launch of IASME in 2011 and Cyber Essentials in 2014. Both standards are accessible from a cost and implementation perspective.
The chart below shows how each of the three standards covers the business and organisational permutations that generally exist.
Each business or organisation should seek advice as to which standard would be the most appropriate, and one of the factors will always be cost. The details below give a generalised view of the costs involved.
• Cyber Essentials (Annual assessment) - Online assessment - £300.00
  • Plus testing & assessment - £1,500.00 (depends upon scope)
• IASME (Annual assessment)
  • Audited option varies depending on organisation size - £3-15,000
• ISO 27001:2013 & PCI:DSS (3 year external audit)
  • Varies greatly and dependent upon scope involved
  • Minimum - £10,000
It is likely that the largest expense will be getting prepared for the assessments or audits in each case, which may include technology changes as well as changing established processes.
Business Benefits
As with any investment, there need to be business benefits that are in proportion to the costs involved. Such benefits should include the following:
• Prompts a review of systems generally
Many IT systems are left running until something goes wrong, and the subject seldom appears on SME management meeting agendas. A review of the system can identify issues and establish a greater understanding of what the system has become and what it is actually used for. Both are often a revelation to senior management.
• Generates a greater awareness of data value and risks
Identifying the data actually held on the IT systems, whether on premise or in the Cloud, will enable a risk assessment to establish the nature of the risks the organisation may be exposed to. Processes evolve over time and are not always reviewed in light of changing threats such as Cyber Attacks; for example, the routine of recording new client bank, passport and other identification details, along with other setup details, in an unsecured client document is a not uncommon and long established routine.
• Promotes best practice
It is generally accepted that managing any business or organisation along the lines of best practice will reduce the issues that can arise from day to day operations. There is a clear link in the case of IT security.
• Demonstrates data security focus
The Government Computer Emergency Response Team (CERT) included in its predictions for 2015/6 that consumers will become more demanding of businesses to safeguard the data held about them, and this desire extends equally to commercial relationships. Achieving a recognised security standard enables businesses to demonstrate their approach to data security to all their stakeholders.
• Creates confidence in business systems
It is important for senior management and staff alike to have confidence in their business systems, not only from an operational perspective but also in respect of the security and integrity of the system. The process to achieve accreditation to a security standard requires that the configuration of the system is understood and is appropriate. Such a review will create greater understanding and in turn confidence in the systems in place.
• Protects business reputation and value
Minimising the likelihood of a damaging security incident will help safeguard the business for all of those involved, from ownership to staff, to clients and to the wider relationships the business has.