Basic questions that all business leaders need to ask about IT risks: Ben Moorhouse
The Bill is being introduced in response to the increasing frequency and severity of cyber-attacks which we’ve recently seen affect critical functions of the Ministry of Defence, the British Library, Royal Mail, and most recently, the NHS.
While I applaud the UK government taking action to mitigate this serious threat to our infrastructure, those at the top of businesses also need to take notice.
Advertisement
Hide AdAdvertisement
Hide AdMany company leaders lack the familiarity with business systems to adequately assess cyber risks in their business asking the IT team ‘Are we protected?’ with ‘Yes, we’ve Cyber Essentials, ISOs and the last time any disruption happened we were fine’ being the response. It’s difficult to go beyond that without knowing what to ask.


Until an attack happens. Like house insurance, it is only after a burglary you realise what the true impact is.
One of the reasons is that there is no easy framework for IT. Take Health and Safety, with straightforward certificates and policies that can be easily adhered to and a regulator that strikes the fear of god into most businesses if not. There is no real equivalent for cybersecurity risk management and yet the risks to your business are just as critical to your customers, employees and shareholders.
It is easy for business leaders to assume if they use ‘big cloud hyperscalers’, they are compliant, backed up and safe. Cloud services are a tool, and it is down to you to make them safe.
Advertisement
Hide AdAdvertisement
Hide AdThe recent IT outage was a big wake-up call. It demonstrated the impact of a global outage. If you have critical systems, you should consider that cloud-hosted systems could pose a heightened risk factor in your IT profile assessments.
I work for Claritas Solutions, a Wetherby-based IT company and we see businesses sleep-walking into cloud-based services they assume are safe and impenetrable because everyone else is doing it. The problem is, as we saw, when everyone else is doing something, everyone is impacted when things go wrong.
At Claritas Solutions, we have UK-based data centres and none of your data or traffic is routed overseas.
Here are some basic starter questions you can ask in your business to assess the level of security you have in place and more importantly, whether it is at the right level for your business.
Advertisement
Hide AdAdvertisement
Hide AdThey are: How do you manage IT risk? How do you protect your business against cyber-attacks and how often is it tested? How do you detect incidents once they’ve happened and how are they reported to you? How do you get yourself back up and running afterwards?
Knowing these answers may start to help you understand your business’s current risk exposure. Having a single provider for core critical systems is always a risky strategy that needs careful consideration, with built-in robust mitigation capability in the event of failure.
Take time to seek a deeper understanding of IT risks in your business and responsibility for them, asking these four questions today to help prevent future cyber attacks.
Ben Moorhouse is Head of Sales for Claritas Solutions
Comment Guidelines
National World encourages reader discussion on our stories. User feedback, insights and back-and-forth exchanges add a rich layer of context to reporting. Please review our Community Guidelines before commenting.