What is Cyber Resilience?
This was a buzzword, but it has crept into legislation. What does it mean? Quite simply, it refers to an organisation's ability to recover its systems quickly after an attack. If a business doesn't recover quickly (i.e. within 10 days) it may never recover.
We think all businesses should aim for Cyber Essentials. This is only about 5 technical controls but if correctly implemented they will stop 80% of attacks. Really good cyber security, or Cyber Resilience, cannot happen overnight. It will be a journey that could last years. We can take even the smallest business through the various stages of getting good digital security that is suitable for them.
Every business is different. In this option, we look at the journey businesses can take beyond Cyber Essentials to develop a system that is truly resilient to attack, and quick to recover after one.
The next step may be Cyber Essentials Plus, or Cyber Assurance (L1 then L2), or ISO27001 (although, if starting from CE, that would be a very big step indeed!).
Other Products and Services from Regola Digital Consulting
Gap Analysis
Current state and what is needed for Improved State.
This can be used for planning for developments needed to achieve:
Cyber Essentials (and Plus)
Cyber Assurance
ISO27001
Cyber Security Awareness Training
Cyber Security Awareness Training is probably the first real step towards cyber resilience (after becoming aware that you need cyber awareness training, that is!). To be resilient, an organisation not only needs to be able to defend against cyber attacks, but also to recover effectively and quickly if a system problem emerges.
We consider Cyber Essentials to be the obvious next step, because the 5 technical controls harness the power of software that will already be on the system to automatically protect, with assistance of course from users who are aware (e.g. passwords). The cost of getting these controls working effectively could well be minimal! Once achieved, Cyber Essentials certification comes with free cyber liability insurance (up to £25000). You may wish to also get audited (Cyber Essentials Plus). No further training is required for that, but you do need to allow an NCSC-approved vulnerability tester into your system.
Once those five technical controls are working effectively, other standards should be considered that use more robust user controls and management controls. This can be achieved through Cyber Assurance, PCI-DSS, or ISO27001.
If an organisation is only at the awareness level, do not be too worried... the fact that you are thinking about improving awareness puts you ahead of many other organisations who have yet to even take that first step.
Cyber Essentials and Cyber Liability Insurance
This only applies to UK organisations.
Any organisation with less than £20 million turnover that achieves Cyber Essentials is entitled to cyber liability cover, for claims up to £25000. This is a thank you for making your systems safer, and less likely to be hacked... and therefore less likely to make an insurance claim. In short, it means you are "lower risk". This is backed up by statistics that show that those with Cyber Essentials are 93% less likely to make a claim.
For a microbusiness, £25000 cover may be adequate. If it is a small business that is part of a supply chain, the liability could turn out to be higher. Insurance premiums can easily be extended at modest cost, to provide greater cover.
Regola Digital Consulting
Office 1.19, Torbay Business Centre, Lymington Road, Torquay, Devon, TQ1 4BD, United Kingdom
Regola are an NCSC-approved Cyber Essentials Certification Body. We offer a cost-effective service, based on many years' experience of offering expert advice to SMEs so they cover the basics of technical security. We specialise in the UK Government's Cyber Essentials (CE) and have assessed over 150 clients. As an accredited Certification Body for both CE and CE+, and IASME Cyber Assurance, we offer customised guidance to help businesses achieve valued cyber security certifications to assure partners and clients. The Cyber Essentials scheme also provides free Cyber Liability insurance up to £25000 for smaller UK companies who achieve certification. It is especially beneficial for SMEs aiming to secure government contracts or reassure clients that their information is well-protected.