Last week, members of our cybersecurity team met with the City of London Police to discuss Cyber Griffin – their recent initiative designed to help the Square Mile protect against cyber-crime.
Using simulation games pioneered by the Metropolitan Police (think algorithms meet Lego), we explored the impact that different board-led cybersecurity strategies can have on a business.
Of all the things we discussed with the City of London Police, four issues really chimed with some of the work we’ve been doing for clients recently:
- Cyber-attacks are enterprise-wide risks, not just ‘IT risks’. This fact alone means that a board has to have sufficient understanding of the unique cyber-risks that its organisation faces, in order to inform its risk appetite and effectively mitigate the threats.
- An organisation’s employees can be both its biggest security risk and its biggest security asset. In this respect, education of staff is critical to robust cybersecurity.
- Spending time preparing an effective decision-making log before an incident occurs will often reap dividends in the midst of an attack.
- Knowing when to involve authorities such as the police or the NCSC during the response to a cyber-incident can make a huge difference to the outcome of an attack.