Firms’ cyber controls ‘not fit for purpose’, Oxford Uni report says

Cyber risk security controls that meet international standards like CSC20 might not be fit for purpose. This is one of the findings of a white paper produced by the University of Oxford and Novae Group.

Academics at Oxford’s Department of Computer Science and the Saïd Business School, led by Professor Sadie Creese, found that the standards set by international bodies are often not backed up by objective, empirical research, and so cannot be shown to have quantifiable benefits. This shortfall weakens the value of compliance with risk control standards, because a compliant organisation may not be protected from cyber-related harm.

Dan Trueman, chief innovation officer and head of cyber at Novae Group, said that businesses are not well prepared for data/software damage and that this research demonstrates that the cyber controls some companies adopt might not be fit for purpose. “Much more needs to be done to understand the risk environment and prevent the potential damage to organisations from this threat.”

“Insurance alone cannot manage cyber risk; we need a holistic approach. As insurers, we may decide a cyber risk is a good risk when the insurance buying firm has put controls in place that meet one or another set of international standards. However, this paper shows that a cyber risk gap may diminish the value of companies’ efforts to protect their assets from…harm.”

Creese said that instead of simply working to meet standards, organisations must look carefully at the vulnerabilities inherent in the assets they want to protect.
