There were more than 60,000 data security incidents across a wide range of industries in 2015, according to the Verizon 2016 Data Breach Investigations Report. The rapid rise in incidents and breaches has pushed the protection of sensitive data to the top of organizations' priority lists. Very few companies possess the in-house expertise needed to address security across all three pillars of cyber security, and even those that do often need to supplement that in-house know-how with external cyber-security expertise. Cyber security resembles the medical field in this respect: nobody assumes an orthopedic specialist is also an expert heart surgeon. It is a broad and complex field made up of distinct specialties, each with its own skillsets, tools and expertise.
Organizations that decide to hire a cyber security consulting partner must consider several factors to ensure they contract a long-term partner with the knowledge, experience and tools necessary to provide comprehensive, practical security solutions. Such factors include the following:
- Primary focus on cyber security: The firm must do this across all three pillars—not just an add-on to other services, such as information technology, legal and accounting;
- Enterprise risk-management approach: A holistic, strategic approach with a focus that goes beyond technology;
- 100% vendor-agnostic: The firm must not have existing business relationships with hardware and/or software vendor(s) that could represent a conflict of interest (if the firm is not vendor-agnostic, its advice will likely be biased toward those vendors' products);
- Customizable service offerings: The firm must offer services that can be tailored to your organizational environment and needs—not a one-size-fits-all approach;
- Long-term-relationship focus: The firm must invest the time to learn your organization’s unique needs (irrespective of how similar organizations look on paper);
- Specialized insurance coverage: Technology errors and omissions insurance that specifically addresses security and privacy consulting;
- Diverse client base: This enables you to leverage the experiences and lessons of other firms; and
- Mix of government and commercial experience: This enables you to benefit from government and commercial cyber security best practices.
To ensure you hire a firm with the appropriate objectivity, experience, knowledge and tools, investigate all of the above factors before selecting a cyber security partner. Many firms have jumped on the cyber security consulting bandwagon, trying to capitalize on the media's data-breach hysteria, and not all of them meet these criteria.
Effectively protecting your data is not a one-time initiative but an ongoing risk-management process. Thus, you must ensure that the cyber security consulting firm you select is a viable long-term partner.
Don't allow the complexity and scope of cyber security to prevent your organization from implementing an enterprise risk-management-based approach. COMPASS provides a practical yet comprehensive approach to cyber security. To learn more about our approach and how we can help protect your organization, please contact us.