I walked into a business the other day. After a long conversation about the client’s need for cybersecurity and the implementation of the ISO27001 security standard, we talked about their risk appetite.

“We don’t accept any risk. We’re risk-averse,” said the CEO. But is this achievable?

Given the complexity of our modern world, with diversity in the people, locations, services and technologies, can any organisation be totally risk-free, and therefore, can any business be totally free of the risk of a data breach?

The simple answer is no. It’s not possible.

What is Risk?

Why is the topic of risk so important? Because it is at the heart of everything we do. We are ALL risk managers and risk takers. Allow me to illustrate:

  • Going for a jog? – Risk of injury, health issues arising, being late for a meeting.
  • Crossing the road? – Risk of tripping, being hit by a car/pedestrian/cyclist.
  • Making a cup of tea? – Risk of burns, spillages, not getting it right for your partner!
  • Starting a business? – Risk of failure, growing too quickly, neglecting personal life.
  • Going on holiday? – Risk of bad hotel or terrible weather.
  • Driving to work? – Risk of accident, car problems, traffic delays.
  • Running a business? – Risk of wrong/poor services, losing clients, data breaches.

These are just some of the possible examples, but the list goes on. We are taking risks from the moment we wake to the moment we go to bed at night.

Risk is unavoidable; therefore, we have to accept some level of risk and focus on the ones we cannot fully control. What we are actually looking to do is manage our exposure to risk.

Can organisations be free from the risk of a data breach?

Even though I’m a cybersecurity consultant, helping organisations (Read more...)