You’re at stage four. At this point in your cyber security journey (as laid out in our recent report) your organisation has done most of the hard work. You’ve overcome the ‘Denial’ and ‘Worry’, and you’ve got past ‘False confidence’. You’re now at the final hurdle. But, unfortunately, it’s a high one.
Stage four of your cyber security journey is ‘Hard lessons’. And yes, it is as ominous as it sounds - but get through it and your security will be in the best place possible.
Put simply, stage four is a successful attack on your network. It’s a sad fact that, no matter how successfully you navigate the first three stages, you will, at some point, be breached.
Being on the losing end of a cyber attack can be hard to take. And that’s understandable; after all, you’ve put a huge amount of money and effort into staying secure. But there are positives to consider.
First, you have to realise that the money you invested in security should, if you followed best practice, have prepared you for this situation. So your investment wasn’t money down the drain.
Second, remember that an attack is a learning experience for your organisation. If your preparations for an attack were in place, the ramifications of the attack shouldn’t have been too terrible. So stay calm, analyse what happened, and use any insight to prepare for the future attacks.
The best thing about the ‘Hard lesson’ stage is that you no longer have to worry about what it would be like to suffer a cyber attack. It happened, you survived it, you learned from it, and your organisation is better off because of it.
At this stage you might want to consider outsourcing your security. If you do, my advice is to treat your outsourcer as a partner; work with them, but always make sure you have someone with overall accountability.
You should also think about taking out cyber insurance, in case of any further attacks. But remember that you still need to have tight control of your security processes and technology - insurance alone won’t cut it. If you want to find out more about this type of insurance, you can read further on page 17 of our report.
Essentially, this is where your thinking on security is likely to become more flexible, and responsive to ever-changing threats, as you learn that rigidity and compliance aren’t quite enough.
Congratulations. If you’ve been through the entire journey thus far, you’ve got through the hardest parts. And the hard lessons you’ve learned have set you up for the final stage. It’s called ‘True leadership’, and I’ll go into what it means in my next blog, so stay tuned.