
Cybersecurity is more than a box ticking exercise

by Andy Clutton

Chris Stouff, Chief Security Officer for Armor explains why cyber security mustn’t be regarded as a box ticking exercise

With a growing number of cyber security breaches happening every day, it is clear that for some organisations their defences just aren’t working. But why is this the case? Many of these organisations are employing highly skilled experts, investing in software, and adhering to established compliance frameworks—yet they still fall victim to devastating attacks.

The problem often lies in a fundamental misconception: viewing cybersecurity as a standalone task rather than a deep-rooted corporate commitment. Even the most advanced tools and skilled teams can fall short if cybersecurity is treated as a box-ticking exercise rather than a strategic, organisation-wide priority.

Take the recent case of Marriott and Starwood, for example, which experienced multiple breaches between 2014 and 2020, putting the data of millions of customers at risk worldwide.

Their catastrophic security failures were mainly due to fundamental lapses in basic security hygiene and a tick-box approach to cyber security on the whole. Even their settlement with the FTC simply mandates the implementation of more essential security functions such as multi-factor authentication and encryption, failing to address underlying systemic issues or prioritise meaningful security outcomes.

Whilst compliance frameworks provide valuable guidance, relying solely on them will not fully address the risks of modern cyber threats. Proactive cybersecurity requires organisations to go beyond checkbox tasks and instead focus on prevention, detection, and rapid response, embedding robust practices into the organisation’s culture.

Cybersecurity isn’t just about preventing attacks; it’s also about ensuring that strong recovery and resilience strategies are in place. Cybersecurity is one of the biggest risks posed to companies today, yet many don’t even include it in their risk management processes.

Companies should be more focused on implementing Managed Detection and Response (MDR) and a Security Operations Centre (SOC), deploying advanced anti-malware solutions and enforcing strict access controls. Developing and regularly updating comprehensive strategies to respond to and recover from cyber incidents are also essential measures.

Technology alone cannot address cyber security challenges; organisational culture plays a crucial role. Encouraging a vigilant mindset amongst employees, implementing regular cybersecurity training sessions, and having a strong governance and risk management programme that establishes clear guidelines and procedures for expected behaviour are all essential.

A business’s cyber security is only as strong as its weakest link, and supply chain vulnerabilities can also introduce significant risks. Businesses should pay thorough attention to their supply chain and the standards of cyber security provision adopted within it. This involves vetting suppliers for cybersecurity practices and ensuring that all third-party interactions adhere to stringent security protocols.

Cybersecurity is not a one-off task but an ongoing commitment that should be deeply embedded into the fabric of an organisation. By moving beyond a box-ticking mindset and adopting a proactive, comprehensive approach, businesses can better safeguard their operations, customers, and reputation. In today’s threat landscape, cybersecurity must be a strategic priority, not just a compliance checkbox.
