Protecting business value with cyber security
The increasing digital transformation of companies over the last few years has brought great efficiency leaps for companies in the Inflexion portfolio. Robin Oldham, Founder of specialist consultancy Cydea, talks about the need to protect this growing amount of online data from cyber criminals.
With ever more data online, there is ever more opportunity for people to fall prey to cyber criminals. In October, the head of the National Cyber Security Centre, an arm of GCHQ, announced that ransom cyber attacks present "the most immediate danger" to UK businesses in cyber space, yet not enough organisations were prepared for the threat or tested their cyber-defences.
Indeed four in ten businesses (39%) in the UK reported having cyber security breaches or attacks in the 12 months to March 2021, with 27% of these experiencing them at least once a week. In the US, over 60% of the Fortune 1000 had at least one cyber incident over the last decade.
“More tech means more opportunity for disruption to that tech,” points out Robin. Clearly if you operate with just pen and paper and telephone you can’t be ransomwared, but then you are also missing out on the efficiencies that come with digital transformation.
“We need to ensure companies have the right governance and risk management to make sure they have the right defences,” Robin explains. It’s about enlightening people and firms about what the risks might be. That is simpler to comprehend in the physical world, where you know where data is and who has the keys, but it can be more challenging to move that awareness into a digital world.
What needs protecting?
Businesses can struggle to answer the question of what and where the crown jewels really are. This is because of silos, biases or natural shifts over time, and it’s why an independent view can be invaluable.
“Rarely are the determinants of what’s important aligned. So achieving shared consensus is where getting someone independent can help as they can see past functionality-based biases,” Robin says.
What are the threats?
Ransomware makes the news a lot because it tends to make a big impact, but the money involved is dwarfed by cybercriminals engaging in a high volume of smaller theft through business fraud, like business email compromise or invoice fraud. An example is criminals hacking into a suppliers’ company and changing the bank details on invoices so payments are diverted.
How can I protect my company?
It’s about culture and the behaviour of individuals and helping them become self-sufficient rather than a checklist, according to Robin. “How frequently do you talk to staff about security and your approach to risk management? Does management lead by example? It’s about instilling the right mindset for people to help themselves proactively when it comes to cybersecurity,” he says. While compliance is necessary, it isn’t usually sufficient to ensure safety – not only is it reactive, but going on a ‘witch hunt’ after a breach can be counterproductive to learning from these experiences.
Despite the importance of this, just 18% of businesses report quarterly updates on the state of cyber security to senior managers– and a similar percentage (17%) never do so.
It’s clear it’s about being on the front foot in this increasingly important area as regards awareness and protection.
Inflexion’s portfolio support
Each business within the Inflexion portfolio has different levels of risk and faces different threats, so a one-size-fits-all approach doesn’t work. “We focus on behaviour and culture rather than just technical controls, supporting companies to build secure and resilient approaches for managing cyber risk properly,” Inflexion’s Digital Director Alex Mathers says. “It’s about self-sufficiency and ensuring the foundations are there, rather than prescribing particular actions and saying which product you buy from which vendor.”
Cyber due diligence is an important part of the investment process at the time a company joins the Inflexion portfolio – but maintaining good cybersecurity requires an ongoing effort. Recognising this the firm conducts an annual cyber assessment across the portfolio, with clear and actionable feedback provided to each business, and also provides support and mentoring via clinics, workshops and 1:1 sessions throughout the year. The diverse portfolio combined with Inflexion’s own experience in this space means we can combine knowledge sharing and expertise to help offer ongoing support to the businesses we back.