A key finding of their 2022 report was that companies that consider themselves ‘experts’ in cyber resilience had fewer attacks, were less likely to pay a ransom, and recovered from incidents more quickly. This year’s report reinforces the message that expertise pays off, with ‘cyber novices’ paying an average of two and half times the costs of an attack as a percentage of revenue, than non-novices.
In our opinion, the first step in maturing to an ‘expert’ level of cyber resilience is to conduct a cyber risk assessment. There are many standards you could assess against for this, such as ISO27001, NIST, the CIS 18 etc. but we recommend assessing against the NCSC’s Cyber Assessment Framework (CAF).
The CAF defines four key security objectives to consider on the road to good cyber resilience:
A – Managing Security Risks
B – Protecting Against Cyber Attacks
C – Detecting Security Events
D – Minimising the impact of Security Incidents.
Whichever standard you chose to assess against, all consider data security as a key element and at a recent event with our partner Varonis, we discussed how their tooling can specifically assist with the CAF controls. For example, Varonis can help with:
A Varonis Data Risk Assessment can help you answer questions such as:
If you’d like to know more about how a free Varonis data risk assessment can help you address these questions, then please get in touch at email@example.com