14 May 2019

Cyber Security (Small & Mid-Size Firms)

Firms of all sizes need to mitigate cyber risks. In this memo we provide practical cyber tools, including frameworks, contractual requirements, and regulatory expectations, for small and mid-size managers.

Cyber threats can include theft of sensitive data and financial assets, business disruption, and reputational damage. As such, it is important for firms of all sizes to mitigate these risks. This memo builds on the 2015 Toolbox memo on Cyber Security, focusing on the needs of small and medium-size firms. It discusses how to shape cyber security strategies and oversee cyber risk.

This memo addresses the following:

  • A Cyber Defence Framework, including risk governance, cyber hygiene, resilience, and incident response planning,
  • Cyber Hygiene Implementation – SBAI Basic Approach, including key IT and network controls, why these matter and how they work, and calibration of cyber controls,
  • Due Diligence on Managed IT Service Providers, including assessment of controls and assurance testing, and
  • Examples for a simple table-top cyber security exercise.