Setting the strategic vision for cybersecurity risk management

CYBER STRATEGY

Working with companies to build the foundations for cyber risk management

Evolution of cybersecurity

Hackers have the flexibility to transform threat vectors to suit situations.  This has resulted in the frequency, complexity and severity of cyber attacks increasing over the past 5 years.  Hackers have taken advantage of changes in geopolitics, advances in technology and the lack of public and private sector cybersecurity.  The predominant cyber threat vector in 2021 and 2022 was ransomware, a devastating form of attack that results in the theft and ransom of corporate and associated client data.

Cybersecurity risk management is not a one-off activity.  It requires a strategy that evolves to address regulatory compliance and develops as cyber threats, business strategy, operational capacity, financial performance, cyber regulations and enforcement programs evolution.

Cyber strategy

Cyber is an enterprise-wide risks that impacts all aspects of financial statements and business operations.  It is recognised as a complex risk to manage, often under funded and requiring a clear and concise strategy if it is going to be successfully managed.  Cyber strategy forms the basis for cyber risk management and recognizes that the management of cyber security and cyber risk is a corporate priority.  Cyber strategy identifies key objectives and deliverables and sets the direction of travel.  Without a well articulated and agreed strategy an organisation will not affectively manage cyber risk, and will likely waste time and money trying to achieve goals it may not actually reach or which do not enable it to manage cyber risk.

The cyber strategy identifies the appropriate cyber framework and standards (NIST, ISO 27001, CMMC) which the organisation will adopt, it will define objectives, outcomes and success criteria and outline the costs associated with meeting the strategic outcomes. In line with organisations overall business strategy, to which it forms an important input.  Without a well articulated and agreed strategy an organisation will not affectively manage cyber risk and will likely waste time and money trying to achieve goals it may not actually reach or which do not enable it to manage the risk.

Reviewing cyber strategy and corporate cyber programs

Cyber Strategy is the foundation of managing cyber security regulation.

Typical projects

1. Evaluation of cybersecurity and cyber risk management maturity in line with international standards such as NIST SP 800-171, NIST CSF and ISO 27001.

2. Evaluation of the effectiveness of current cybersecurity strategy and plans, making recommendations for improvements.

3. Creating cybersecurity risk management strategy and programs to meet cybersecurity regulations.