We know that cyber security is an important concern for every organisation. Daily occurrences demonstrate the risk posed by cyber attackers – from individual hackers to professional cyber criminals.
The management of any organisation face the task of ensuring that their organisations understand the threat and set the right priorities. This is no easy task in light of the technical jargon involved and the pace of change. Non-specialists can find it difficult to know where to start, to focus on what is important.
At the same time, the media contributes to a culture of fear suggesting every organisation is an easy target. Reports often fail to distinguish between opportunistic fraudsters on eBay and organised criminal groups with strategies for systematically stealing intellectual property. Understanding the nature of the attacker is, however, very important in assessing the extent to which organisations are likely to become a target.