Know your data to protect against cyber crime

Organisations are urged to act now to deepen their understanding of data governance requirements and to boost resilience against cyber attacks
Adv Ffc Quorumcyber

The global cost of illegal activities on the internet is set to surpass an extraordinary $11tn this year, presenting a significant threat to business. This growing cybersecurity risk is prompting business leaders to reassess their approach to data protection within their organisation to build greater resilience.

But getting to grips with the sheer scale of the issue of cybersecurity, with new threats constantly emerging, is a major business challenge. The amount of data that even small- and medium-sized enterprises must manage has grown exponentially, creating new risks and potential costs.

Pressure is also increasing from external stakeholders, such as investors and insurers, to be able to demonstrate that adequate data governance is in place.

Graham Hosking, solutions director – compliance at cybersecurity company Quorum Cyber, says: “We talk to customers about protecting their crown jewels, such as intellectual property, financial information or customer data. In today’s digital world, data is one of the most valuable assets for any organisation.

“Ensuring data security involves more than just technology; it also needs people and processes. Effective communication among various business units is crucial to understanding the potential impact and risks involved. It’s important to understand the data at hand and safeguard any sensitive information to the best of their ability.”

Quorum Cyber is one of the UK’s cybersecurity success stories. The company was set up in Edinburgh in 2016 by Federico Charosky, with 20 years’ experience of protecting banks and corporate clients from cyber attacks.

Since then, it has expanded rapidly to reach more than 150 customers across four continents and now employs more than 170 people. Quorum Cyber has achieved year-on-year growth in excess of 100% for three consecutive years and is now valued at more than £150m.

Ensuring data security involves more than just technology, it also requires the right people and processes

As a Microsoft Solutions Partner for Security, Quorum Cyber provides a managed extended detection and response (XDR) service to detect threats, prevent cyber attacks, and protect reputations and relationships, which enables firms of all sizes to do business and grow. The company adopts a partnership approach, which means services can be tailored to customers’ precise needs.

Hosking explains that the first critical step for any business is to understand what data, and how much, they hold.

Quorum Cyber addresses this challenge through a data security assessment, which covers all aspects of an organisation’s data security posture. The team uses Microsoft technology to understand content which resides in on-premises file servers, Microsoft 365 or third-party cloud repositories that are corporately owned, such as Dropbox or Box.

The assessment also enables Quorum Cyber’s expert team to monitor user insights and provide a better understanding of who has access to a company’s data and how it is being used. They assess the environment against key elements within the data protection baseline, and how it compares to industry standards.

There are a number of factors that organisations should consider when evaluating data risk, says Hosking. For example, the geographies, countries or jurisdictions where an organisation operates will affect the laws, regulations and industry standards that must be complied with. Do mandates for data protection and governance vary by location, data types or other factors? Is data resilience a regulatory requirement, a cyber threat mitigation, or both?

“It is essential that these questions are answered in cooperation with legal, risk and compliance teams,” Hosking says. “Though IT and information security might be given the responsibility of applying appropriate controls and protection against that data, these controls must be aligned to the organisation’s responsibilities and contractual obligations.

“As business-critical data expands and the workforce shifts to remote work, having an integrated approach that helps to quickly identify, triage and act on suspicious activity is more important than ever,” he adds.

To find out more, visit