The head of the UK’s National Cyber Security Centre (NCSC) has urged organisations to ensure they understand cyber risks, as a survey reveals mid-sized firms have inadequate cyber protection
The head of the UK’s National Cyber Security Centre (NCSC) has urged organisations to ensure they understand cyber risks, as a survey reveals mid-sized firms have inadequate cyber protection
The most important thing leaders of organisations can do is to stop being afraid of the problem and try to understand it, according to Ciaran Martin, chief executive of the NCSC.
“For too long, cyber security has been shrouded in mystique and fear – that’s not helpful,” he said in the annual KPMG lecture, hosted by Queen’s Management School and the Chief Executives’ Club at Queen’s University Belfast.
“Attacks are about return on investment, and cyber defence is about risk management and harm reduction,” said Martin.
“When you put it like that, it doesn’t seem so completely daunting. There’s plenty we can do to manage the risk. So simplify, simplify, simplify. Understand the risks and take action that you understand to manage them,” he said.
Digital attacks are a real risk to economic wellbeing in Northern Ireland and its citizens, warned Martin, because they can cause widespread disruption to individuals, companies and public services.
“There’s some great work going on around Northern Ireland, for example at Queen’s, and we need strong partners across the whole of Northern Ireland society to combat the threat. That’s the way to make Northern Ireland one of the safest places to live and do business online,” he said.
Facing the challenge
Given that cyber attack is about return on investment (ROI) for the attacker and risk management for the defender, Martin said the NCSC’s job as the national authority for cyber security is to do what it can to help take away as much of the harm from as many of the people as often as possible.
