BS 10012 was created to provide a framework for a personal information management system that complies with the Data Protection Act 1998. Adopting BS 10012 enables organisations to improve data storage protection and manage data processing and data transfers better, so that they comply with legislation.
There can be very serious legal consequences for directors and senior executives who are judged to have failed in their data protection responsibilities. In December 2015 the EU Commission, Parliament and Council of Ministers agreed on the new General Data Protection Regulation (GDPR). Companies holding personal data have two years to comply.
Are your data processing systems secured and how often do you conduct an external audit? Neglecting your duties could be very expensive and harmful to the future of your company.
Regulators in the USA are taking the lead in suggesting that companies will have to document their policies on customer data protection, network security measures and standards adopted by their suppliers. The proposals also include the mandatory appointment of a board-level CIO (Chief Information Officer) to report annually on the implementation of the policies.
Cyber crime is growing exponentially and poses threats to all companies and organisations. Recent reports in the UK show examples of how serious cyber crime is and how poorly prepared many companies are to deal with the consequences.
The UK government’s Cyber Security Breaches Survey 2016 highlights these statistics:
- 69% of businesses said that cyber security was a high priority for senior managers
- only 15% of companies had taken recommended actions to identify cyber risk
- only 29% had formal written cyber security policies
- only 10% had a formal incident management plan.
The report also states that:
- 65% of large companies had detected a cyber security breach or attack in the past year
- 25% of these experience a breach at least once a month
- £3 million was the most costly breach identified in the survey.
The average cost of a cyber security breach to large companies was reported to be £36,500 but only 5% of those surveyed conduct ongoing monitoring of breach costs.
Other findings from the report were that
- 68% of breaches were virus, spyware or malware attacks
- 32% of breaches were impersonation of the organisation
- only 13% of companies set cyber security standards for their suppliers
Fernlea Business Support has designed a strategic risk management audit process covering cyber risk, together with all other aspects of vulnerability. The risk audit service is quick and cost effective and provides a 360˚ view of threats to the security, stability and sustainability of your organisation.