Cyber Security – It’s Everyone’s Responsibility, Especially at the Top
If there’s one message I want to hammer home, it’s this – cyber security is not just an IT issue. Yet, in many public and…
Ethical Data Security – Are You Protecting What Matters?
In today’s data-driven world, security isn’t just about technology. It’s an ethical obligation. Organisations must not only protect sensitive data but also ensure accountability, transparency and preparedness in the face of cyber threats.
Think of a cutting-edge aircraft. Engineers design it for maximum speed and efficiency, but without safety features, strong materials, emergency protocols, and cyber security protections, it’s a disaster waiting to happen. In data science, security is the safety engineering of data. It ensures that insights, models and research aren’t undermined by breaches, leaks or manipulated datasets.
As part of Data Lab’s data and ethics month, our recent Community webinar explored ethical data security and incident response preparedness. With our Incident Response & Threat Intelligence Manager, Norman Stevenson sharing cyber security insights and practical steps. Attendees left with critical questions to assess their cyber resilience and security culture.
Why ethical data security should be a priority
With cyber incidents on the rise, organisations can no longer afford to treat security as an afterthought. Data breaches impact not only financial stability, but also customer trust, regulatory compliance and business continuity. A few key statistics highlight the growing risk:
- 69% of large businesses, 59% of medium businesses and 32% of small businesses acknowledge being victims of a cyber breach or attack.
- 24% of charities have reported incidents, often with limited resources to recover.*
Organisations that fail to plan, test and embed security in their culture, expose themselves to severe financial and reputational risks. Data scientists and cyber security teams aren’t natural bed fellows and sometimes can have a tug-o-war between open access to data, whilst the other wants to lock it down. Balance is needed, ensuring enough openness for innovation whilst maintain security to prevent data breaches that could disrupt trust and research.
Key questions to assess your cyber resilience
One of the areas we covered during the webinar looked at what questions to ask your organisation, to check your cyber posture. And more importantly, areas to improve. We’ve summarised these below, to give all organisations a head start to develop their cyber security.
Embedding cyber security in your organisation
- Is a cyber strategy in place?
- Does cyber security feature in the priorities of all areas in the organisation?
- Does everyone understand their roles and responsibilities?
- Do Board members actively engage in cyber security discussions?
Why does this matter?
Security should be a business-wide priority. It isn’t just an IT problem. Leadership buy-in ensures policies are implemented effectively.
Developing a positive cyber security culture
- Do senior leaders set the example for security best practices?
- Is security policy and process design collaborative?
- Does your organisation promote a ‘no-blame’ culture?
- Are security metrics focused on success, rather than failure?
Why does this matter?
Cyber security culture determines how well an organisation prevents and responds to incidents. A blame-free environment fosters proactive reporting and continuous improvement.
Identifying and protecting critical assets
- How up to date is your asset inventory?
- Do you track changes to ensure baseline security?
- Do you know what our critical assets are, who is responsible for them, and where are they stored?
- Are your cyber security priorities clearly communicated and aligned with business objectives?
Why does this matter?
Organisations often underestimate the value of their data. Without knowing what you’re protecting, you can’t secure it properly.
The role of Incident Response in cyber resilience
A key takeaway from the event was the importance of having and testing an Incident Response Plan. Many organisations have a theoretical plan in place, but it may not have been tested with real-world scenarios. It also has to be clear and concise to ensure those key people with responsibilities know exactly what’s expected of them.
Testing is key, so don’t just put the effort into creating a plan then keep it locked away. Practice definitely makes perfect when it comes to cyber security. Remember:
- A strong cyber security culture prevents incidents before they escalate.
- Executive involvement ensures cyber security stays a business priority.
- Exercises and simulations expose gaps before a real crisis hits.
- Collaboration with partners strengthens response capabilities.
- Every learning experience should lead to security improvements.
Ultimate responsibility sits with the Board – cyber security isn’t just an IT problem, but a strategic business issue.
Are you prepared?
Cyber threats are inevitable, but data breaches don’t have to be disasters. By embedding ethical security practices, maintaining a tested Incident Response Plan, and fostering a strong security culture, organisations can build resilience and protect what matters most.
If you missed our Data Lab webinar, stay connected with us by:
- Following our channels on social media – LinkedIn and X.
- Signing up for our free newsletter or threat intelligence alerts.
- Download our free threat intel app.
- Register for our future free events, shared on our website, social media and newsletter.
* Source
Related articles
Cyber Bytes & Insights – Bite-Sized Cyber Training
The Cyber and Fraud Centre Scotland is delighted to launch a new training series, providing practical, hands-on exercises to boost cyber security readiness. Our Cyber…
Business Basics: Beating Edinburgh Festival Scams
The Edinburgh Festivals are known the world over and have become a powerful income generator for the city of Edinburgh. In 2022, their economic impact…