A report from the National Cyber Security Alliance (NCSA) and Symantec back in 2012 found that there was a false sense of cybersecurity among small and medium-sized businesses (SMBs).
After asking 1,015 SMBs about their level of cybersecurity, 77% said their company was safe from cyber threats and cybersecurity breaches, yet 83% had no formal cybersecurity plan.
Other researchers have more recently reported similar findings in their data:
- 46% of respondents to an ISACA survey expect a cyberattack to strike their organization in 2015, but only 38% say they are prepared.
- 60% of businesses are fully aware of their legal responsibilities in safeguarding sensitive data, yet 21% of businesses never perform security awareness training, 23% never hold security planning meetings, and 24% do not have employees read and sign their business’s information security policy (Trustwave).
- US-CERT says 85% of breaches could be prevented by remediating known vulnerabilities, but only 44% of IT professionals and 35% of C-level survey respondents were “very confident” in their vulnerability management program (TripWire).
Boards don’t fully understand cybersecurity
There is definitely a discrepancy between knowing what should be done and actually doing it. This is often the case when boards don’t fully understand cybersecurity: security budgets remain static, strategies are abandoned, and many organizations struggle to achieve adequate levels of information security.
Implementing a robust management system that is aligned to the international information security standard, ISO 27001, is one of the best ways to administer your sensitive information.
The Standard encompasses all areas of your business – including people, processes and technology – and by having an information security management system (ISMS) you will be able to consistently, efficiently, and cost-effectively coordinate all of your security efforts, both electronic and physical.
Implementing an ISO 27001-compliant ISMS isn’t as scary as it sounds: the ISO 27001 Get A Lot Of Help package contains the right mix of materials, tools, training, consultancy, and support to provide you with everything you need to implement an ISO 27001-compliant ISMS yourself.