Only 21% of organisations are very confident in their organisation’s current approach to cyber security, according to data gathered during a recent ICAS (Institute of Chartered Accountants of Scotland) webinar co-hosted by Lugo and Mitigo during CyberScotland Week 2024. The webinar (which you can view here: https://tinyurl.com/LugoICAS), which attracted around 100 attendees, also revealed that over half of respondents felt only somewhat prepared to handle the latest cyber threats. These findings highlight the critical need for effective leadership in building robust cyber defences within organisations.
Leadership’s Unwavering Responsibility: A Legal Requirement
The central theme of the webinar emphasised the critical role of senior leadership in establishing and upholding cyber security within organisations. While the poll conducted during the webinar revealed diverse perspectives on who holds responsibility (with 19% indicating the senior leadership team, followed by other options like third-party providers and internal IT teams), it’s crucial to remember that directors ultimately hold legal accountability for managing cyber security risks effectively, as detailed in the UK Companies Act 2006 (specifically, Section 172). This legal requirement underscores the unwavering responsibility of senior leadership to prioritise cyber security.
Here we explore the key takeaways and incorporate valuable insights from quantitative data gleaned from this webinar on cyber security awareness and preparedness. Graphical insights are included below.
Remote Work Rush: A Security Gap Waiting to be Exploited
The findings suggest that businesses were not widely prepared for the shift to remote work that the COVID-19 pandemic necessitated, with 40% of respondents indicating that their organisation was not comfortable at all with remote working before the pandemic. This suggests that a significant portion of organisations lacked the necessary infrastructure or culture to support remote work effectively.
The COVID-19 pandemic has had a significant impact on the way that businesses in Scotland use technology. The shift to remote work and the need to adapt to new ways of working have likely driven the increased reliance on IT. The vast majority of respondents (over 97%) indicated that their organisation’s dependence on IT has increased since the pandemic, having become more reliant on IT in order to function effectively in the new remote work environment.
The pandemic forced a rapid shift to remote work, and many businesses simply weren’t ready. This lack of preparation likely led to shortcuts and insecure work arrangements. While the priority was keeping the business running, security may have been overlooked. This creates a vulnerability that cyber criminals can exploit. Now, as businesses settle into a hybrid work model, it’s crucial to take a step back and reassess your security posture. This is where Zero Trust comes in.
While some organisations are leading the way with cyber security by implementing a Zero Trust approach, many others seem unsure. Zero Trust means never automatically trusting anyone or any device trying to access your network, constantly checking their identity and permissions. Half of those surveyed weren’t sure if their business has adopted a Zero Trust approach to cyber security, and a quarter said they definitely haven’t. This suggests there’s a need for more cyber education around this change in mindset to a Zero Trust approach to data security.
Shared Awareness, Engaged Workforce
While leadership holds ultimate accountability, the data also highlights the importance of fostering a culture of shared awareness within the organisation. Nearly a third of respondents indicated their organisation relies on a third-party provider for cyber security, highlighting the value of external expertise. However, over a quarter rely on their internal IT team, and almost a fifth involve any employee with access to systems. This underscores the need for clear communication and ongoing education to equip everyone with the knowledge and vigilance to identify and report potential threats.
Building Resilience: A Leadership-Driven Approach
The presentation emphasised the importance of building organisational resilience against cyber threats, supported by over 60% of respondents indicating they are only somewhat prepared to handle the latest threats. This leadership-driven approach to building resilience involves three key areas:
- Establishing a clear cyber security strategy: Aligning cyber security measures with organisational goals and risk tolerance is crucial. Leadership plays a vital role in defining this strategy and ensuring its implementation.
- Implementing robust security measures: This encompasses technical controls (such as those implemented through Cyber Essentials certification), user education, and incident response plans tailored to the organisation’s specific needs. (See CyberScotland’s Incident Response Resources). Leadership plays a key role in allocating resources and approving the implementation of these measures.
- Continuous learning and adaptation: Regularly reviewing and updating security practices is essential to stay ahead of evolving threats. Nearly half of respondents indicated a need for further learning on various topics, including risk management, new threats, and multi-factor authentication. Leadership can facilitate this learning by providing access to training resources and encouraging knowledge sharing within the organisation. It is important to remember that everyone has a role to play in cyber security, and organisations should strive to create a culture where employees feel comfortable reporting suspicious activity.
Collaboration for a Secure Future
Lugo’s keynote presentation at the ICAS webinar concluded with a call for continuous learning and collaboration within businesses. Sharing knowledge, best practices, and resources, as facilitated by events like CyberScotland Week, can significantly enhance collective cyber resilience. By embracing their unwavering responsibility, fostering a culture of shared awareness, and implementing data-driven security measures, senior leadership teams can create a more secure and resilient digital environment for their organisations.
Data Dive: Fresh Insights Uncover the Need for Cyber Leadership in 2024
Are you ready to take your organisation’s cyber security to the next level?
If you feel like you need some support to improve your organisation’s cyber resilience, we’re here to help! Book a free initial call with one of our experienced team at a time to suit you: Book an Appointment