Focusing only on technical solutions is equivalent to leaving home without your trousers on. Governance is equally important.


Ninety percent of smokers will die or become ill because of their habit. They all know this. Yet many will convince themselves that they will be part of the 10% who don’t. When it comes to cybersecurity, the question is not whether a company will be attacked but when. Those who ignore this simple fact are probably crazy, stupid or incompetent. There is no patch for any of these. Adopting the ostrich approach will only prevent you seeing it coming – and give the hacker a more interesting view as he approaches. The kernel of any good cyber defence is a simple, well-crafted governance regime. Identify the threat, quantify the risk and array defences accordingly.

The magic ingredient is always proactive engagement on the part of management. Below that, cyber-security must be an “everyone, all of the time” situation. Drop your guard and a hacker will spot and exploit the vulnerability in a moment. Governance – rules, processes and procedures – must be clear, concise, written in plain language, effectively promulgated and effectively applied. No exceptions.

Training and education must take place, which might be a drag and seem expensive, but neither of those consequences is worse than the company going to the wall because you didn’t do the simple things. Even the smallest enterprise needs to ensure that its people know what they need to know and do what they need to do.



Unsporting hackers spoof email addresses and links to make them look innocuous. If you are busy, tired, or both, how easy is it to make the mistake of opening one of these? Some estimate that as many as 95% of all hacks begin with a phishing attack. Well-maintained cyber-security tools and a structured update and patching programme are vital. But this will only help as part of a concatenated plan that has, at its heart, good governance. That plan is what will save you from a heap of misery on the day that the hackers visit. Management must be clear about what they will do in the event of a cyber breach and they will need to have practised it. A potential problem will quickly become a full-blown crisis if the response is inadequate. No plan? You have an 80% chance that you will soon be just a statistic.

Andrew Taylor

CEO of Bronzeye IBRM

BronzeyeIBRM offers an affordable monthly subscription-based information and cyber security service to SMEs and others.