PureCyber

Taking Equity of Your Cyber Security Needs

With an ever-increasing reliance on cloud-based and network storage and an ever-decreasing pile of receipts, cash memos, and invoices to hide behind, the threat of cyber attack is looming large over the financial sector. The CyberEdge 2022 Cyberthreat Defence Report (CDR) shows that over 80% of UK organisations experienced at least one successful cyber attack between 2021 and 2022. Additionally, recent figures show that over 73 percent of UK organisations have had to contend with a ransomware attack, in which malware denies users access to files within their computer or network, encrypting them and demanding a “ransom” before they are released. This is an increase of 15% over 2021. Accountancy is an integral part of economies across the globe, and the work brings with it a wealth of confidential information and data, which makes it a tempting target for threat actors. As such, now is the best time for organisations to analyse their cyber security posture. Initiating this process, however, can often be the hardest part if you are unsure where to start.

No business can be completely cyber safe. However, an analysis of the systems and security mechanisms your organisation currently has in place can be a good jumping-off point, and this can be achieved with the help of cyber and governance standards. The National Cyber Security Centre (NCSC) has generated the Cyber Essentials (CE) and Cyber Essentials Plus (CEP) schemes to help companies and organisations in Wales and across the UK protect themselves against a range of different attacks. CE is a self-assessment that helps you analyse where you currently stand, asking pertinent questions about features such as encryption, Multi-Factor Authentication (MFA), and patch management; this can help bring a business up to speed and assist in protecting it. From there, CEP is an audited assessment carried out by a company such as PureCyber, which takes the information presented for CE and has cyber professionals test the technical controls in place within the business. Both standards bring certification that can bring peace of mind to suppliers and customers alike.

From this point, the next step would be to look at risk-based governance assessments, such as the ISO 27000 family of standards or the IASME Cyber Assurance standard. These are risk management standards that set out specific strategic processes to help a company analyse and mitigate the risks currently present within it, reaching beyond the more technical views and controls within CE and CEP. Taking both a technical and an organisational approach to your cyber posture can be a fantastic place to start in reducing your threat index as an organisation.