Cybersecurity Demystified: Why Cybersecurity Is More Than Just An IT Issue

Show Notes

In the first of our ‘Cybersecurity de-mystified series, we're talking about why cybersecurity is not just an IT problem. It's everyone's responsibility and it's central to building trust and resilience. 
 

Speakers:

Matthew Ruff, BDM Intertek Business Assurance UKI 

Steven Ramsden, Intertek President – Information Security 

Follow us on- Intertek's Assurance In Action || Twitter || LinkedIn.

Transcript

Welcome to cybersecurity demystified, the podcast series where we cut through the noise and shine a spotlight on security. I'm your host, Matthew Ruff BDM for Intertek Business Assurance UK and today we're talking about why cybersecurity is more than just an IT issue. 

 
Companies across the world are facing a growing threat landscape, making information and data security a top priority. A single data breach can cost absolutely millions, not to mention the reputation, hit and loss of customers. Trust in today's Hyperconnected world, cyber threats are growing in scale and sophistication. 
Businesses of every sizes are being challenged to protect sensitive information, safeguard customers trust and demonstrate resilience in the face of constant change. That's where assurance comes in. At Intertek we believe cybersecurity isn't just about technology. It's about building confidence. Through certification, training and assurance solutions such as penetration testing and red teaming, we help organisations prove their defences and reduce risk.  In this series, we will breakdown key cybersecurity concepts, explain international standards like ISO 27001 and ISO 
42001 and show how Intertek’s cyber assurance services support organisations on their journey from risk to resilience. To help us unpack this, I'm joined by Steven Ramsden, Intertek President, Information Security. 

 
Q: So Steven, let's start with the obvious - why do so many organisations still treat cybersecurity as just an IT problem? 

 
A: Well, first of all, I'd just like to say thank you, Matthew for this question. It's a really important question to start with. I mean it's history really. And for a very long time, security lived in the server room, in the firewalls, antivirus passwords. 
All very technical. So leaders got used to thinking this is really it's an IT job. But actually today every part of the business touches data, HR, finance, sales, even the C-Suite. And if you silo security just in IT, you actually miss the fact that the biggest risks often start with people and actually processes and not just tech. 

 
Q: So let's take this further. What are the real business risks when security is treated as an IT only issue? 

 
A: Well, the big one really is reputational damage. In today's world, reputation and trust is paramount. A cyber incident can erode trust and customers overnight. There is also regulatory risk, there's fines, legal exposure, compliance failures. And don't forget, there is financial loss too. We've seen companies lose literally millions from a single phishing e-mail that bypass controls because an employee wasn't trained. 

 
Q: So I guess the risk isn't just the system went down, it's the business took a hit, you mentioned trust. How does cybersecurity tie into trust with customers, regulators and partners? 

 
A: Well, in this world today, trust is absolutely everything. Customers give you their personal information, expecting you to protect it. Regulators want proof that you're handling data responsibly and partners. They'll walk away if working with you puts them at risk. If you lose that trust, you don't just lose data, you lose relationships. 

 
So cybersecurity is almost like a brand currency. Strong security builds confidence, weak security erodes it. 

 
Q: Now let's talk about the boardroom. What misconceptions do you encounter most often with executives? 

 

A: The first one is really we're too small to be a target. The reality is small and mid sized companies are often the easiest prey. Another misconception I see is if we buy the latest tool, we're safe. Tools are really, really important. But if you people don't know how to use them. Or if your processes are weak or they're misconfigured, you're still very vulnerable. And finally, I think cybersecurity is just a cost. In reality, cybersecurity in this day and age is actually an enabler. Companies with strong security often win contracts because they can prove they're trustworthy. So instead of being a drag on innovation, it can actually be a competitive advantage. 

 

Q:  So let's get practical. I'm the business owner leader listening right now. Where should I start? 

 
A: Well, the most important thing firstly is put cybersecurity on the board agenda. Treat it like you would financial risk. Second, I would then invest in people -  training every employee to spot suspicious emails or handle data carefully is more powerful than any single piece of software that you purchase. And thirdly, breakdown silos. It can't do that alone. Finance, HR, legal operations, everyone in the company has a role to play. 

 
So it's not about doing everything at once, it's about making security part of the culture. Culture is your first line of defence. 

 
End: I'd just like to say thank you to Steven Ramsden, President Intertek for information security and that's a great note to end on cybersecurity. It's not just an IT problem. It's everyone's responsibility and it's central to building trust and resilience. 
Join us next time to unpack more of the challenges and opportunities in today's digital world.  

 

Meanwhile, if you'd like more information on how we can help, please visit intertek.com/assurance/cyber-security/