According to a survey by KPMG, four in 10 UK CEOs believe becoming a victim of a cyber attack is now a case of ‘when’ and not ‘if’ for their organisation, following a survey of CEOs from some of Britain’s biggest businesses. If you browse the internet you will find websites which do not have even basic website security. Check the top of the page by the address line; it should now be normal practice to have an HTTPS site but many companies, often large enough to have hundreds of staff, do not even adopt this simple level of security. Outsourcing website and network requirements to specialist IT companies is widespread practice but some IT companies do not even have minimal levels of security themselves. How many IT support contracts actually mention security as part of their service? We now have GDPR regulations and there was a frantic level of activity in May 2018 when the regulations first applied. How many companies have ticked all the boxes in relation to the handling and management of data but failed to address data security? The big companies have the size and budgets to implement strong security but there are thousands of smaller businesses which do not even back up their data properly. This is simple to do with relatively cheap cloud storage and fast internet generally available. Those that do back up their data rarely try to restore it in the event of a cyber attack or some other incident causing data loss. Data restoration is not always successful and we have worked with companies to recover what they thought was a simple back up of their own data. If your business has data on computer, which is true of nearly every business, there is a threat of theft of that data. For example, consider the GDPR implications in the event of theft of employee data from payroll systems. No business is too small to ignore the threat of theft or ransomware which can cause significant financial damage and stop companies operating. Machinery is mostly computer programmed; consider the effects on production. A proper review of cyber security and computer network systems is never a bad idea! Good security reduces business risk, improves compliance with regulations like GDPR and can even offer time saving and efficiencies within the organisation.