As most of you will have noticed, there are more and more surveys, articles and data about the Top 100 large companies, and how prepared they are to deal with cyber-crime.
I have been talking to our partners and other SMEs about their experience and preparations, and interestingly the figures are almost exactly the same.
Basically, awareness is increasing, but the level of action taken to deal with the issues is not growing at the same rate – anywhere…
The “WannaCry” malware clearly showed how easy it is to hit large companies, and even small organisations are at risk – without really knowing what to do about it.
Particularly worrying is the fact that when the General Data Protection Regulation (GDPR) rules come into effect in May, not only will hacked data be a nightmare to deal with, but organisations will also be prosecuted and fined if it’s not all handled properly.
Over a third of the companies I have spoken to don’t have a cyber-attack plan or, indeed, any idea of what’s needed to work towards complying with the new regulations.
Many of those who said they are prepared have admitted they see the whole area as an IT issue – but it really is a Board-level responsibility. A large part of preparing for GDPR is auditing the current level of understanding and activity around cyber-security within an organisation, and training staff where necessary – clearly not an area of expertise in many IT departments.
And of course – after the big, up-front issue of auditing and training, you still have to be able to show what’s been done to protect your data. But that one’s easy: just call us, and we can help you sort it out!