Lasting change in the private sector’s attitude to threats is key to achieving better cyber security, says APMG

Lasting change in the private sector’s attitude to threats is key to achieving better cyber security, says APMG

GCHQ seeks to draw line under the UK organisations’ poor cyber strategies

In a speech delivered to CESG’s IA15 conference last week, Robert Hannigan, director of intelligence and GCHQ, declared that the international market for cyber security is flawed, as the provisions of cyber security measures do not meet the demand, assuming there is significant demand at all.

Usually reluctant to speak publicly, Hannigan’s warning to the UK’s public and private sectors comes at the same time as GCHQ recently disclosed climbing cyber crime statistics. The British intelligence agency now identifies 200 major cyber attacks every month, double last year’s figure.

According to Richard Pharro, CEO of APMG International, CIOs and CISOs should use Hannigan’s speech as a means of raising the importance of improved security strategies with the board as an important first step towards establishing a safe online culture across their organisation.

Richard Pharro, commented:

“To prevent these numbers creeping up, and reflecting on the balance sheet of large UK businesses, it’s essential that organisations take a proactive approach to securing their infrastructure. Hannigan recognises CIOs and CISOs in UK organisations simply aren’t keeping up with the pace of change, and so are increasingly overwhelmed by the threat of cyber attacks.”

Pharro continued:

“Although time and again the latest hack is dutifully followed by a flurry of public statements making claim to a renewed focus and tightening of internal security standards, most organisations have already proved there is far too much inertia in the industry for a large scale cyber attack to have a meaningful impact on changing behaviours. The carrot and stick assumption that companies have continually worked to improve their security is now inappropriate; security strategies cobbled together in response to the latest threat simply aren’t enough. Instead, to achieve coherent and sweeping change, business leaders must assume greater responsibility for the security of their data.”

In order to instigate this widespread change, Hannigan suggested the introduction of disclosure requirements for businesses along with greater liability and tougher regulation of standards.

“Any large-scale attack could threaten jobs and detract from the credibility of big business, however, there are wider implications to organisations not directly embroiled in the hack. BT’s Chief Executive believes the TalkTalk hack, for instance, could have caused a lasting loss of trust in the telecoms industry as a whole. While companies have traditionally been thought to provide adequate security, ‘adequate’ security in some boardrooms is defined by the actions of cyber attackers, rather than the proactive security strategy put in place across the organisation.”

However, one of Hannigan’s key messages was that it is not the government’s job to prevent risk among organisations.

Pharro continued:

“Companies invite instability into their infrastructure through an incomplete, reactive approach to the protection of their systems. By their nature, the methods hackers use to approach a company’s infrastructure continually change, so organisations are required to mitigate the threat of new attacks as though these attack vectors have already proven to have breached defences elsewhere.

“The onus is on the private sector to account directly for imperfections in security strategies. With cyber assessment tools, such CDCAT (Cyber Defence Capability Assessment Tool), appetite for risk and the degree of control an organisation has over their infrastructure can be identified with a view to improving preparedness in the case of an attack. Only with this information is it possible for CISOs to raise the importance of cyber security with the Board,” he concluded.

[su_button url=”http://www.apmg-international.com/” target=”blank” style=”flat” background=”#df2027″ color=”#ffffff” size=”10″ radius=”0″ icon=”icon: arrow-circle-right”]Click here to find out more about APMG International[/su_button]

About Security Buyer

Security Buyer is the leading authority in global security content, delivering expert news, in-depth articles, exclusive interviews, and industry insights across print, digital, and event platforms. Published 10 times a year, the magazine is a trusted resource for professionals seeking updates and analysis on the latest developments in the security sector.

To submit an article, or for sponsorship opportunities, please contact our team below.

Rebecca Spayne picture 2025

Rebecca Spayne

Managing
EDITOR

Georgina Turner image

Georgina Turner

Sales
Manager

Afua Akoto image - Security Buyer

Afua Akoto

Marketing Manager

Read the Latest Issue

Follow us on X

Follow us on X

Click Here

Follow us on LinkedIn

Follow us on LinkedIn

Click Here

Advertise here

Reach decision makers and amplify your marketing

Advertise here

Click Here

Related News

Defensive AI safeguards against cyber threats

Defense Initiative to enhance global cybersecurity underscores the importance of defending against increasingly sophisticated and pervasive cyber threats…

Bridewell in Microsoft Security Copilot Partner Private Preview

Bridewell today announced its participation in the Microsoft Security Copilot Partner Private Preview. Bridewell was selected based…

Evanssion and ThreatQuotient Join Forces

A renowned cybersecurity and cloud-native security VAD in the Middle East, Evanssion, has just announced a strategic

Most cyber attacks in Middle East involve spyware

Positive Technologies has analysed the attacks carried out on individuals in Middle Eastern countries between 2022…
Neustar

New DNS detection from Neustar

Neustar Security Services, a provider of cloud-based security services that enable global businesses to thrive online, is introducing UltraDDR…
Acronis

Acronis seals partnership with Fulham FC

Acronis, a global cyber protection company, has announced a three-year partnership with London´s oldest professional football club, Fulham FC…
Acronis

Acronis Cyber Foundation celebrates five years

Acronis is proud to celebrate the fifth anniversary of the Acronis Cyber Foundation Programme, a set of philanthropic initiatives designed to engage…
NAKIVO

NAKIVO releases v10.8 with vSphere 8 Support, MSP Console and Hybrid Cloud Backup

NAKIVO Backup & Replication v10.8 marks another major milestone in NAKIVO’s drive toward more reliable data protection for today’s business…
Scroll to Top