A best practice guide for SMEs on cyber security investment decision-making
“Board members & executive members, instead of just IT staff, should look over cyber security as a strategic business issue.“
Nine recommendations for SMEs about cyber security investments:
1. Shift in mindset to perceive cyber security as a Competitive Advantage and a Business Enabler.
2. Educate executives about cyber security.
3. Appoint a cyber security ambassador among executive members.
4. Adopt a risk-based approach to cyber security.
5. Understand the full cost of a cyber security breach.
6. Other important factors to consider: technical support availability, trust in a security vendor etc.
7. Identify a set of cyber security metrics that fits a company needs.
8. Get a cyber security certification as it is a valuable marketing asset.
9. Customer requirements drive the strengthening of cyber security.
More about Yulia
Dr Yulia Cherdantseva is a Lecturer at the School of Computer Science & Informatics at Cardiff University. Yulia worked as a lead researcher on the project “Supervisory Control and Data Acquisition Systems Cyber Security Lifecycle (SCADA-CSL)” funded by the Airbus Group Endeavr Wales and the Welsh Assembly Government, where she developed a novel SCADA Cyber Security, Safety and Risk (SCADA CSSR) graphical extension for BPMN 2.0 and a configurable dependency model of a SCADA system. In 2020-2021, she led an NCSC and RISCS funded project about cyber-security decision-making by SMEs which resulted in the development of the Best Practice Guide for SME in Cyber Security Investment Decision-Making. In 2021, she was awarded an EPSRC grant for developing a framework for risk-informed and metrics-enriched cybersecurity playbooks for enhancing CNI resilience. Yulia is a cyber skills lead at the School and is interested in cybersecurity education from the primary school up to professional development level. From May 2021, Yulia is a member of the CyBOK Executive Board. Yulia is passionate about equality and diversity in cybersecurity.