How to procure cyber security

Cyber security (or, rather, the lack of it) is often in the news these days and for good reason: according to The Hiscox Cyber Readiness Report 2019, the majority (61 per cent) of the firms it surveyed reported they had a cyber incident within a 12-month period, up from the 45 per cent seen in last year’s report. The report also noted that progress on “cyber preparedness” appears to have stalled, with nearly three-quarters of those businesses it surveyed “failing to reach our threshold for expertise in any area”.

So, what’s to be done? A natural place to start is your cyber security budget. James Bore, IT security manager at Merlin Entertainments, says this is industry-dependent, and adds “[the figure] that gets bandied around is [that] 10 per cent of IT budget is your ideal spend [on cyber security]. Big financial banks, defence companies and similar [organisations] might stretch to up to 13 per cent… [this] is a bit excessive, it tends to go more towards the latest whizzy tools than effective security. A small accounting firm or smaller business can get away with maybe three to six per cent. Three per cent should be the absolute minimum you’re looking at spending in any environment because you really can’t do much for less than that, [especially as] you have to factor in the people who need to do it as well.”