Posted on 28-Dec-2015

Bruce Hallas, Director

Marmalade Box Ltd

UK Business Comparison of Information Security Incidents & Financial Impact

Corporate UK:
- 25% ↓ in number of known incidents
- Similar financial impact

SME UK:
- 20% ↑ in number of known incidents
- 20% ↑ in the financial impact

* Source: BIS ISBS 2009

Why the difference? It is about people.
- Cybercriminals are targeting softer targets.
- Attack techniques are changing.
- Technology enables storage of large amounts of data.
- Awareness & understanding amongst SMEs.
- Resource restraints upon SMEs.
- SME priorities.
- Lack of appropriate & affordable external support.

Why should this be a concern to business leaders?

Negative Risk:
- Operational
- Reputational
- Compliance
- Productivity
- Competitive

Average cost of known incident: £12,500
Average number of known incidents: 8
Total cost: £100,000

Positive Risk:
- Market differentiation
- Competitive advantage
- New products & services
- Greater profit margins

49% of ISO27001 certificates:
- Tender requirements
- NPD
- 15% higher margin

What Can I Do?
- Be realistic: there is no such thing as “secure”.
- Investment should be proportional to the impact upon overall strategy & value of information assets.
- Set your own appetite for risk; don’t accept someone else’s.
- Ensure that appropriate controls are in place.
- Ensure these are implemented, maintained and reviewed effectively.
- Delegate responsibilities, always remembering your own accountability.

ISO27001:2005
2 parts: independent & recognised management process & set of control guidelines.
- Certification or compliance.
- UKAS.
- Globally recognised brand.
- Most widely adopted means of assurance.
- The foundation of many other security standards.

Benefits
- ↓ Negative risk to cash flow & profitability
- Reasonable & appropriate
- ↑ Revenue & profitability by leveraging customers’ negative risk
- Higher product margins & NPD

ISO27001: Forward

1. Is there a business case for achieving certification?
2. Choose a certification partner carefully.
3. Assess whether internal resources have skills/experience.
4. Identify appropriate external support.
5. Be realistic about timescales.

Thank You

Bruce.hallas@marmaladebox.com

Mobile: 07970 645045

Office: 0115 924 1909
