Who are these Courses for?
The courses are ideal for the owners and managers of small knowledge-based businesses, who realise that their business is now a digital business, are concerned about cyber risk and want to be empowered to manage it. The owners are the people who ultimately bear the risks and rewards of the business. The managers bear day-to-day responsibility. The course was designed with the UK and Ireland in mind, but the principles apply to businesses in all countries.
The courses communicate to business people in business language, allowing them to become comfortable with cyber risk. The ideal participant wants to be empowered to manage cyber risk like any other business risk, without becoming a cybersecurity expert.
The term “knowledge-based businesses” includes all businesses that provide products and services based on their intellectual property and includes, amongst others, accountants, lawyers, insurance brokers, business consultants, financial advisors, marketing professionals, architects, engineers and other professionals involved in the real estate industry, as well as those involved in the medical and IT industries.
These owners and managers run their businesses professionally and usually buy professional indemnity insurance (errors & omissions insurance) to protect themselves against legal liabilities arising from their business activities. However, cyber risk presents an important new challenge for them. The potential financial loss, legal liability and loss of reputation that could result from a cyberattack is potentially catastrophic for these businesses. In addition, uncertainty about whether they are sufficiently in control of this risk creates fear, uncertainty and doubt.
I help empower them to move away from this scarcity mindset towards a growth mindset and help them adopt a robust strategy and a tactical plan for significantly reducing the most common internet-based threats to their business. Through their custom-built plan, they can manage cyber as a business risk and not just an IT issue.
Financial Services Business Owners
e.g. Insurance Brokers, Mortgage Brokers, Life & Pensions Advisors, Wealth Management Advisors, Credit Unions, Financial Advisors of all types.
Professional Services Business Owners
e.g. Firms of Accountants, Lawyers, Architects, Engineers, Surveyors, Dentists, Doctors, IT service providers, Marketing Professionals.
Digital-First Business Owners
e.g. Digital Marketing companies, SaaS providers, Cloud-based businesses, Digital Platform providers.
Outsourcing your IT function?
We help business owners and managers overcome any misconceptions that may be preventing good cyber risk management. One such common misconception concerns outsourcing of IT functions:
“Cyber is too complicated a topic for us to understand as we have limited technical skills in-house. We don’t understand the constantly evolving environment, the many sources of risk or the types of losses resulting from cyber-attacks. We have solved the problem by delegating responsibility to an outsourcing IT service provider and are hoping that the measures that they have taken to protect our business are adequate.”
The urge to delegate responsibility for cyber risk management to an IT Service Provider is understandable as many people believe that cyber risk is all about Technology. However, while Technology risk is important, People risk and Governance risk are also vitally important considerations.
It has been estimated that up to 90% of all cyber incidents involve human behaviour, so ignoring the people risk and just concentrating on the technology misses this risk factor entirely. The good news is that a cyber training and awareness programme is easy to organise and can materially reduce people risk.
Governance risk deals with how companies are managed and the processes, procedures and standards that apply internally. This risk factor can also be materially reduced in your business by complying with an Information Security standard, such as Cyber Essentials, NIST or ISO 27001.
While outsourcing IT activities to a specialist IT Services Provider can be a good idea, the ultimate responsibility for managing cyber risk, just like any other business risk, always remains with the Board of Directors. This legal responsibility cannot be delegated to any third party. If day-to-day technology activities are delegated to an outsourcing IT Service Provider, the Board still retains the responsibility to manage the outsourcing risk as part of the overall cyber risk.
Who are these courses NOT for?
These courses are not for anyone looking for a 'silver bullet' solution to cyber risk. There is no such thing.
The topic of cyber risk is vast and these courses are introductory in nature.
Participants should understand that getting the promised outcomes requires some work from them. Creating the Pathway to Peace of Mind or a Cyber Resilience Plan is a unique task for each business and cannot be 'done for you' by a third party.
We consider technology in these courses as part of a risk management approach to cyber risk. This is not a 'IT' course nor a course on cybersecurity. It is not designed for technology experts.
There are risks and costs to a program of action - but they are far less than the long range cost of comfortable inaction. "
John F. Kennedy, 35th President of the United States