
Who should be responsible for your business’ cyber security?

Cyber security is an important aspect of running a business. Customers want to know that their data is secure and that they can trust a business, while business owners and managers will want to know that their company is safe and protected from expensive and damaging data breaches.

To help you keep your business safe, this blog from FSB discusses who in your company should be responsible for handling your business’ cyber security.


Designated cyber security staff

A well-thought-out and effectively implemented cyber security policy is a vital part of ensuring your business operates safely and isn’t at risk of any dangerous and potentially expensive data breaches.

It might be beneficial for your business to appoint one senior staff member who is responsible for managing your cyber security. This includes your data handling policies, and ensuring best practice is maintained throughout your business, day in, day out.

In fact, a designated cyber security officer can be useful for many businesses. The Global State of Information Security Survey 2016 found that 54% of businesses had appointed a designated Chief Information Security Officer (CISO) to handle their business’ cyber security.

Perhaps it’s not that you need to specifically hire someone to take on the majority of your cyber security obligations, but more about having someone in your business with cyber security as a key consideration of their role. This could particularly be the case if your business is small and hiring a dedicated full-time staff member for cyber security would make relatively little sense.

You could consider amending the duties of some of your existing management staff. For example, one could be given fewer responsibilities in the day-to-day operation of your business in exchange for serving as your business’ cyber security expert.

Shared and equal responsibility to protect the business

While a designated CISO can be a great asset to your business, making sure your company is safe is just as much the responsibility of your other staff, too.

For example, in an effort to reduce the risk of malware, your CISO might implement a policy that states no external USB devices should be connected to work PCs unless cleared by the business first. If a staff member doesn’t follow this policy, whether they ignored it or were unaware of it for any reason, your business is still liable in the event of a data breach. This could lead to expensive claims taken out against your business by those affected.

A cyber security insurance policy can be particularly helpful in reducing the legal costs and disruptive impact of a security breach. However, NTT Security’s 2016 Risk:Value Report found that policies could be invalidated for lack of compliance, a lack of an incident response plan, and poor physical security. This shows that good cyber security should cover more than just the data itself.

Essentially, effective cyber security policies should go hand in hand with well-trained and informed staff. They should also detail what you’ll do in a worst-case scenario to minimise disruption and ensure your insurance policy will protect you in such a scenario.

Perhaps, upon appointing your CISO, you could also organise a training event where a cyber security expert could give a talk to your staff about exactly why cyber security is so vital to businesses. They could also discuss ways that staff can ensure they remain vigilant and your business stays safe and protected.

If all staff know the potential risks to your company and customers, and they know best practice for keeping safe, it will help ensure you don’t have to deal with the fallout of a costly data breach, which can cause significant financial and reputational damage.

How can FSB help with your cyber protection?

Cyber security can feel like a broad topic to cover, especially when you want your business to be as safe as possible and to avoid expensive and dangerous data breaches.

That’s why FSB’s Cyber Protection service is on hand to provide advice and support, helping to ensure your business is secure and protected. Some of the benefits of this service, which are included as standard in our FSB Business Essentials package, are:

  • Unlimited use of the FSB Data and Cyber Advice Line, manned by cyber security experts
  • Easy access to online information on a range of data and cyber security matters, including how to respond to a ransomware attack, along with security policy templates and guidelines
  • Up to £10,000 cover for third-party claims. This covers your legal liability for damages and costs following a claim brought against you for a cyber-attack, data breach or e-media issue

To find out more about this service, please take a look at our FSB Cyber Protection page. To see the other features and benefits of this package that you could make use of, head to our FSB Business Essentials page. Alternatively, our package comparison page will show you the other packages and features that are available to you.

Cyber Protection from FSB

FSB Cyber Protection includes an insurance policy with cover of up to £10,000 and an unlimited-use helpline to answer all your cyber security questions.
