This is the incorrect question to ask, rather; “How many risks are currently being taken and are they HIGH, MEDIUM or a LOW risk to your firm?”
Calculate this by simply drawing a few headings: Potential LOSS in money taken directly, CLIENT DATA RECORDS stolen and shared or exposed, FINES on your firm, company value loss due to REPUTATIONAL DAMAGE, loss of TRUST etc. The list goes on but a great start. Then ask, “What CAN be done to mitigate risk?”
Juniper 2015 research across 200 firms sights 74% of UK firms THINK they are safe, yet 55% of large firms and 45% of SME’s were attacked last year and 29% of these resulted in a data breach.
March 2015 government figures now show the average cost of a data breach is £65,000 to SME’s. So taking the above statistics, it is roughly a 1 in 8 chance your firm will both be attacked AND have a breach is data in the next year, therefore investing a minimum of £8k ANNUALLY in Cyber Security Awareness training, policies and tightening exposure in HIGH RISK areas is a wise pro-active approach for those responsible, which ultimately is the board, not the I.T. department. Juniper research tells us 65% of firms believe simply putting security policies in place will make them secure. I would challenge this.
Working with security experts in each field, Matrix247 are currently offering a complimentary ‘Vulnerability Assessment Report (VAR) ’ to firms looking at Data Infrastructure, Networks, Telecoms, Mobile Devices and Websites and forwarding the report findings to the Managing Partners for them to take up with existing suppliers.
Surely it is wiser to make a decision to make no investment with the facts on the table, rather than wait for the inevitable breach. Contact firstname.lastname@example.org to request your firms VAR.