The courses are ideal for the owners and managers of small knowledge-based businesses, who realise that their business is now a digital business, are concerned about cyber risk and want to be empowered to manage it. The owners are the people who ultimately bear the risks and rewards of the business. The managers bear day-to-day responsibility. The course was designed with the UK and Ireland in mind, but the principles apply to businesses in all countries.
The courses communicate to business people in business language, allowing them to become comfortable with cyber risk. The ideal participant wants to be empowered to manage cyber risk like any other business risk, without becoming a cybersecurity expert.
The term “knowledge-based businesses” includes all businesses that provide products and services based on their intellectual property and includes, amongst others, accountants, lawyers, insurance brokers, business consultants, financial advisors, marketing professionals, architects, engineers and other professionals involved in the real estate industry, as well as those involved in the medical and IT industries.
These owners and managers run their businesses professionally and usually buy professional indemnity insurance (errors & omissions insurance) to protect themselves against legal liabilities arising from their business activities. However, cyber risk presents an important new challenge for them. The potential financial loss, legal liability and loss of reputation that could result from a cyberattack is potentially catastrophic for these businesses. In addition, uncertainty about whether they are sufficiently in control of this risk creates fear, uncertainty and doubt.
I help empower them to move away from this scarcity mindset towards a growth mindset and help them adopt a robust strategy and a tactical plan for significantly reducing the most common internet-based threats to their business. Through their custom-built plan, they can manage cyber as a business risk and not just an IT issue.
e.g. Insurance Brokers, Mortgage Brokers, Life & Pensions Advisors, Wealth Management Advisors, Credit Unions, Financial Advisors of all types.
e.g. Firms of Accountants, Lawyers, Architects, Engineers, Surveyors, Dentists, Doctors, IT service providers, Marketing Professionals.
e.g. Digital Marketing companies, SaaS providers, Cloud-based businesses, Digital Platform providers.
We help business owners and managers overcome any misconceptions that may be preventing good cyber risk management. One such common misconception concerns outsourcing of IT functions:
“Cyber is too complicated a topic for us to understand as we have limited technical skills in-house. We don’t understand the constantly evolving environment, the many sources of risk or the types of losses resulting from cyber-attacks. We have solved the problem by delegating responsibility to an outsourcing IT service provider and are hoping that the measures that they have taken to protect our business are adequate.”
The urge to delegate responsibility for cyber risk management to an IT Service Provider is understandable as many people believe that cyber risk is all about Technology. However, while Technology risk is important, People risk and Governance risk are also vitally important considerations.
It has been estimated that up to 90% of all cyber incidents involve human behaviour, so ignoring the people risk and just concentrating on the technology misses this risk factor entirely. The good news is that a cyber training and awareness programme is easy to organise and can materially reduce people risk.
Governance risk deals with how companies are managed and the processes, procedures and standards that apply internally. This risk factor can also be materially reduced in your business by complying with an Information Security standard, such as Cyber Essentials, NIST or ISO 27001.
While outsourcing IT activities to a specialist IT Services Provider can be a good idea, the ultimate responsibility for managing cyber risk, just like any other business risk, always remains with the Board of Directors. This legal responsibility cannot be delegated to any third party. If day-to-day technology activities are delegated to an outsourcing IT Service Provider, the Board still retains the responsibility to manage the outsourcing risk as part of the overall cyber risk.
that follow are from students of the initial Live Coaching course launched in early 2021.
“Cyber security is of paramount importance to both our firm and our clients. This course took us through a process that helped us to identify potential weaknesses so that we could strengthen our cyber security. It also reinforced the fact that the solution has to come from the top down and it must encompass all our people and all our systems. This course is an eye-opener and if you are a business owner, I would highly recommend it”.
Ken, Partner - Accountancy Practice
"I previously thought that cybersecurity was something our IT provider would look after. The potential risk to our business and our clients from a Cyber-attack was something I had not considered before. Thanks to the Surviving Cyber course, I now see that is not exactly the case. Cybersecurity was an important issue before COVID-19, but having staff working from home has highlighted the seriousness of the risk for me. Thankfully, after completing the Surviving Cyber course I am now fully Cyber risk-aware. What the course has brought to me is a real eye-opener. I believe the understanding and knowledge I gained is of immense value to my business. The content of the course and the way John delivers it is clear and concise and I have actioned what I have learned. The IT guys have been on site for a full assessment of our hardware, software, firewall etc., and I now have Cyber insurance in place. If we are unfortunate enough to find ourselves attacked someday, I now have a clear Cyber pathway and I’m confident I can manage the risk.”
Martin, Managing Director - Wealth Management Company
"In my role as CTO for an emerging Marketing Automation company, IT security and Cyber Risk are increasingly important to me. I came across the Surviving Cyber course as my company had previously done some successful IT Risk Analysis Work with John Byrne. John is a very professional person with an engaging manner and a keen knowledge of IT Security and Cyber Risk Management.
The course itself was very interesting and well structured. Over five weeks, John led us through a series of presentations and activities to introduce us to the key topics around Cyber Risk. The course was very interactive with John taking an interest in how the topics could be applied to our companies. There was always time for questions at the end of the presentation. In the final week, there was an opportunity to have a session with John to devise our own ‘Pathway to Peace of Mind from Cyber risk’.I’d highly recommend the course for both IT and Management professionals who would like to gain an insight into this important area in quite a short period of time."
Mark, Chief Technology Officer - Digital Marketing Company
"As a Trustee and non-executive Board member of a UK Charity, I have always been uncomfortable about my lack of appreciation of the variety of cyber risks that the Charity faces and how to manage these risks. The Surviving Cyber course provided a clear and intelligible progression from cause to effect and then suggested a potential response. I believe that the course provides an initial basis from which to build an effective risk management posture. It is the first course I've seen that is designed to bridge the knowledge gap between being cyber unaware and cyber informed. I now have the foundational knowledge to have a meaningful discussion with the information security professionals implementing the cyber risk management plan for our operation – Peace of Mind indeed."
Richard, Chair of the Trustees - UK Registered Charity
"Prior to the Surviving Cyber course, I was naïve to cyber risk to say the least and certainly how exposed I was even as a one-man Ltd company. I took the course as an opportunity to primarily educate myself more on the risk’s cyber presents to myself, my clients and indeed the wider market. The course ended up being much more than just education.The Surviving Cyber course is exceptionally well put together. A progressive and ‘building block’ approach to each weekly session, with accompanied contextual tasks allowed me to assess my own performance and application of measures to reduce cyber risk within my business and for my clients.I finished the course with a clear pathway to peace of mind, and an answer to the crucial question; “How can I best protect myself and my Business from Cyber risk”. John’s guidance helped me produce a worked plan that is directly relevant to my business with clear actions I can take in the short-medium and long-term, with specific guidance provided on a one-to-one basis by John.I would highly recommend the course to anyone interested in reducing their cyber exposure – which really should be everyone!"
George, SME Business Consultant
There are risks and costs to a program of action - but they are far less than the long range cost of comfortable inaction. "
John F. Kennedy, 35th President of the United States