Bruce Hallas Director Marmalade Box Ltd. UK Business Comparison of Information Security Incidents & Financial Impact Corporate UK SME UK 25% ↓ in number.


1 Bruce Hallas Director Marmalade Box Ltd

2 UK Business Comparison of Information Security Incidents & Financial Impact. Corporate UK: 25% ↓ in number of known incidents; similar financial impact. SME UK: 20% ↑ in number of known incidents; 20% ↑ in the financial impact. * BIS ISBS 2009

3 Why the difference? It is about people. Cybercriminals are targeting softer targets. Attack techniques are changing. Technology enables storage of large amounts of data. Awareness & understanding amongst SMEs. Resource restraints upon SMEs. SME priorities. Lack of appropriate & affordable external support.

4 Why should this be a concern to business leaders? Negative Risk: Operational, Reputational, Compliance, Productivity, Competitive. Average cost of known incident £12,500; average number of known incidents 8; total cost £100,000. Positive Risk: Market differentiation, Competitive advantage, New products & services, Greater profit margins. 49% of ISO27001 certificates. Tender requirements. NPD 15% Higher Margin.

5 What Can I Do? Be realistic: there is no such thing as “secure”. Investment should be proportional to the impact upon overall strategy & value of information assets. Set your own appetite for risk; don’t accept someone else’s. Ensure that appropriate controls are in place. Ensure these are implemented, maintained and reviewed effectively. Delegate responsibilities, always remembering your own accountability.

6 ISO27001:2005. 2 parts: Independent & recognised management process & set of control guidelines. Certification or compliance. UKAS. Globally recognised brand. Most widely adopted means of assurance. The foundation of many other security standards.

7 Benefits: ↓ Negative risk to cash flow & profitability. Reasonable & appropriate. ↑ Revenue & profitability by leveraging customers’ negative risk. Higher product margins & NPD.

8 ISO27001 (diagram): Management meetings; Responsibilities & duties; Auditing; Risk assessment review; Policies; Procedures; Technology; User training & awareness; Scope; Asset Registry; Risk Assessment; Risk Decision; Controls; Strategy; Implement; Maintain; Review

9 Forward 1. Is there a business case for achieving certification? 2. Choose a certification partner carefully. 3. Assess whether internal resources have skills/experience. 4. Identify appropriate external support. 5. Be realistic about timescales.

10 Thank You Bruce.hallas@marmaladebox.com Mobile: 07970 645045 Office: 0115 924 1909

