By John Gillies, Lead Cyber Security Assessor, Converged Communication Solutions.

For those of us in our middle years this proclamation was something we heard all too regularly in the local bar or restaurant. Everyone loves to go out and enjoy themselves but back in the day and after a few glasses of selfishness, we were more interested in saving the taxi fare home than we were about the consequences for others of being drunk behind the wheel.

This culture was all pervading back in the 70s especially, and for a full on Tuechter like me, well into the mid-90s.

The drink drive laws which culminated in the Scottish Governments’ 2014 drink drive legislation, mean that a half lager or small glass of wine will take you over the limit. Fast forward 5 years and gigantic shifts in culture have resulted in most people drinking no alcohol at all when they know they are going to drive. This of course now extends to the day after the night before. The point is that nobody really thinks that this is acceptable behaviour anymore. The facts bear this out, since 1979 there has been a huge drop in casualties. In the preceding years though, the general approach to risk was to do it and then open the first aid box afterwards.

In 1974, the UK Government got to the end of its tether with all things Health and Safety (or lack thereof) and the Health and Safety at Work Act was born. Since 1974, the number of lost time incidents and fatalities in the workplace has fallen from 2.5/100000 workers to 0.5/100000 workers. More importantly, the culture of the workplace has now aligned with regulations, and as with drink driving, it’s seen collectively as unacceptable to do things that used to be the norm.

The biggest risk that businesses face in 2019 are cyber security incidents

As per the article here, businesses around the world see cyber based threats as their number 1 risk. Business leaders, legislators and the general public are all growing increasingly concerned. Recent high-profile hacks and data breaches highlight the need for organisations to take this threat more seriously and intervene to proactively mitigate the risks. The UK government has worked closely with the EU to create compliance requirements such as GDPR and NIS to push organisations towards better cultures that help to mitigate well known threats. The punitive fines that are a part of this approach are already having an effect – Facebook recently being fined £48m Euro by the French Information Commissioner – setting a loud example.

“Aye, but it won’t happen to me, I’m just an SME”

Aye it will!

SMEs are the most exposed organisations to these threats and are where most undetected breaches occur. At the point where a breach is identified, it’s already too late. Preventative action is by far the best approach and to this end the UK Government, through the National Cyber Security Centre, set up the CyberEssentials certification scheme.

As in the case of drink driving or health and safety, we unfortunately don’t seem to take the hint, and a fine based legal structure is needed to get us all to change. An example of the increasing incidence of cyber threats and breaches is shown below, you can see why the GDPR and other laws have been instigated.

The threat is increasing every year as are the negative consequences of inaction. At this rate cultural acceptance of legal obligations and the backlash against those companies which fail to meet minimum standards, will happen quicker than the aforementioned examples.

As for us, we practice what we preach and are uniquely positioned to support businesses in their mission to maximise their defences. In addition to an experienced and qualified team of cyber professionals (including our very own ethical hacker!) we are a Certifying Body for the CyberEssentials scheme (designed to help SME’s identify and rectify security weaknesses) and a trusted partner of the Scottish Business Resilience Centre. This allows us to help you strengthen your cyber resilience as well as gain a recognised certification standard.

What’s more, until October 2019, the Scottish Government is funding up to £1000 per organisation to gain CyberEssentials, potentially making the effort cost free. Think how many pints those savings could buy. Just don’t bring the car please.

Find out more about CyberEssentials and current funding announcements here.