A reactive mindset is today’s biggest threat to data security
The SRM Blog

What constitutes a cyber-mature organisation? Here’s a clue: it has nothing to do with size or age, sector or niche specialism, or whether it is online or has a physical shop presence. It has everything to do with the corporate mindset. The cyber-mature organisation is one with full board-level buy-in. But, above all, its approach to data security is proactive rather than reactive.

Consider the alternative: the reactive mentality. If an organisation delegates all data security responsibility to the IT department, providing only sufficient resource to pursue regulatory and legal compliance standards, it is at risk. This is because complacency is the biggest threat to data security in the UK today and the greatest trap into which many organisations fall: believing that if they are compliant, they are secure. They are not. In an ever-evolving digital world the threat to data security continues to grow and, if a breach occurs, being compliant provides little in the way of defence. All such organisations can do is react to the crisis as best they can.

A cursory glance at the news reveals any number of headline stories detailing devastating breaches, hefty fines and chaotic attempts to remedy the situation. If we consider how those organisations were affected, it was not just the impact of the fines imposed, but also the damage inflicted on reputation and customer confidence. In fact, statistics from the National Cyber Security Alliance show that 60 percent of small and mid-sized businesses go out of business within six months of a breach. The impact on large corporates and organisations can be just as devastating.

This is not to undermine the need for compliance. Far from it. Those who meet the regulatory and legislative requirements for their industry are of course better placed than those who do not. Data security is, however, not simply a question of compliance. It is a question of being cyber savvy and, among other things, that means taking a proactive stance. It also includes investing time and dedicated resource.

There are a number of issues holding organisations back from being proactive when it comes to data security. The main one is board-level engagement. The fact is that IT leaders find it a challenge to get their boards to spend money on cyber and data security programmes. There is a reason for this. Many tell us that obtaining buy-in for data security programmes is made difficult by a lack of understanding from their boards, whether of the damage to business as usual (BAU), reputation, potential fines or otherwise.

Yet well-informed board directors see an investment in data security as a justifiable business expense. They understand that an agile, proactive cyber defence strategy represents a significant investment but that this is set against the potential level of fines and the subsequent damage to a business that a breach could bring. In this context, any cost is seen as relative.

What’s more, if a data security strategy is precisely scoped and focused, the investment will pay dividends because of the additional layer of expertise brought by specialist consultants, who add value and can even help to reduce costs over time. Their varied sector knowledge and experience can drive an initial testing programme so that business vulnerabilities are discovered before they can be exploited. Intelligence is then gathered to help shape a well-planned, cost-effective, ongoing data security solution, meaning the organisation will not be asked to buy products or services it does not need. Just the ones it does.

It’s perhaps inevitable that there is always a surge in demand for data security services following a high-profile breach. We read the shocking figures of organisations affected and fines levied and this can go a long way to focusing board-level attention. Although this is another form of being reactive, it may have the positive result of helping those responsible to exert the influence required at board level to pursue a proactive, forward-thinking strategy.
