Blog · 03 Dec 2017

Your cyber security journey: Stage three - ‘False confidence’

We’ve gone through stages one and two of the cyber security journey: ‘Denial’ and ‘Worry’. Now, Mark Hughes takes a look at the third, and perhaps most difficult, stage — ‘False confidence’.

Former president of BT Security

Think you’re secure?

You’ve got over ‘Denial’ and ‘Worry’; you’ve reviewed your security processes and invested in technology, as well as in a Chief Information Security Officer (CISO).

What next? Sit back and relax? Unfortunately not.

Now you’re at the ‘False confidence’ stage of your cyber security journey — and that means you could be in a perilous position.

Deciphering the danger

According to our report, ‘False confidence’ is the stage in your cyber security journey where you think you’re secure and therefore relax your defences. In today’s dangerous threat landscape, that’s not a good idea.

Sure, you might have employed a CISO, but are they actually qualified and experienced enough to guide your organisation, rather than just guard it? Yes, you have well-developed playbooks in case of an incident, but are they flexible enough to deal with threats that nobody’s even heard of? And, if you get hit by a ransomware attack, do you know if you’ll pay up? If not, who makes that decision?

These are all tough questions for your organisation to answer, but they’re necessary if you’re to move forward in your cyber security journey.

The question then is: what can you do to get over this false confidence?

What to do next

The most important recommendation I can make is to check your assumptions.

Any area of your security that you’re confident with — look at it again.

Make sure your processes are flexible enough to change quickly when needed, for example if you acquire a new business. And remember that you’re only as strong as your weakest link, so make sure your policies are followed by your suppliers too: a compromised supplier with access to your systems can give cyber criminals a way in that bypasses your own defences.

Last, but not least, make sure that your board and CEO lead by example — championing your security processes (and adhering to them).

It might sound like a lot of work, and it is. But get it right, and you’ll be on your way to the end of your cyber security journey. Before you get there though, you have to get through the next stage, which could be the most disruptive yet, and definitely will cause the most upset at your organisation. It’s called ‘Hard lessons’, and you can find out more about it in my next blog article.

