Skip navigation
Skip navigation
You are using an outdated browser. Please upgrade your browser.

26 January 2012; London, UK – Independent information security body, Information Security Forum (ISF) ( is providing business leaders and information security professionals with advice and practical guidance on the threats in cyberspace in its new report launched today. The report, Cyber Security Strategies: Achieving cyber resilience addresses the ‘risk vs reward’ aspects of cyberspace and identifies the key capabilities that organisations need to adopt to increase their resilience to threats.

The report comes at a time when international organisations like the World Economic Forum (WEF) ( are highlighting the increasing risks of cyber crime and the possibility of a greater number of cyber attacks in the year ahead. The UK Government also highlighted cyber crime as part of its national cyber security strategy launch in 2011, ring-fencing more than £500 million to bolster cyber security.

Michael de Crespigny, CEO of ISF, says: “Business leaders recognise the huge opportunities and benefits cyberspace offers in terms of increasing innovation, collaboration, productivity, competitiveness and customer engagement and they will continue to work hard to exploit the opportunities it presents. Yet many are having difficulty determining the risk vs reward aspect, preparing for adverse surprises, and understanding that with benefits come significant risks.”

ISF believes the step change in benefits from cyberspace is accompanied by a step change in the profile and seriousness of the threats, driven by two key factors:

• Cyber criminals (hacker groups, criminal organisations and hacktivists) worldwide are better organised and more professional in their approach. They innovate just as business does and the financial rewards for them grow as business use of cyberspace grows. They have access to powerful, evolving capabilities, which they use to identify, target and attack. They have well-developed marketplaces for buying and selling tools and expertise to execute sophisticated attacks – ISF calls this ‘Malspace’.

• Cyberspace is constantly evolving and presenting new opportunities. The desire of businesses to quickly adopt new technologies, using the Internet to open new channels and adopting cloud services, provides enormous opportunity, but also brings unforeseen risks and unintended consequences that can have a negative impact.

The ISF report addresses this step change by recommending a way forward for public and private sector organisations and providing advice on how to anticipate and respond to the threats. As well as identifying the problems, it introduces the ISF Cyber Resilience Framework, a vision for organisational resilience that can be used to deal with threats head-on, while building on existing security practices and infrastructure.

De Crespigny adds: “Cyberspace is critical to all organisations today – from the supply chain to customer engagement – and slowing adoption or disconnecting is simply not an option. Based on insights from our global Membership and research, our Cyber Resilience Framework identifies the key capabilities that organisations need in order to enhance their security posture and protect their business against ever-evolving cyber threats.”

There are 10 key findings in the Cyber Security Strategies: Achieving cyber resilience report:

1. The benefits of cyberspace are immense, as are the risks – the more successful you are in cyber space the greater the impact of risk
2. Organisations must embrace uncertainty and develop cyber risk resilience
3. Malspace is a global industry that has evolved to facilitate cyber crime
4. Impacts from cyber threats can have a very long and disproportionate risk tail
5. Hacktivism presents significant threats to the organisation, not just its information security
6. Cyberspace vastly increases information security risk
7. Information security is fundamental and more important for security in cyberspace
8. The complexity of cyberspace enables threats to combine quickly in unpredictable and dangerous ways
9. It is essential to collaborate, share intelligence and influence good practice across cyberspace
10. Cyber security is more than information security - it’s a business issue.

The ISF report also includes practical guidance on getting support from senior management to address cyberspace threats; creating a Cyber Resilience Group to drive and co-ordinate all cyber resilience activities; and collaborating with others, including customers, supply chain partners and suppliers, to share intelligence and best practice. An executive summary of the report is available from the ISF website and the full report is now available to non-Members to purchase from ISF’s online store:

Input for the report was gathered through workshops around the world, interviews with ISF Members and other experts, as well as previous ISF research and reports, including Information Security Governance, Hacktivism and the ISF 2011 Standard of Good Practice for Information Security.


About the ISF
Founded in 1989, the Information Security Forum is an independent, not-for-profit association of leading organisations from around the world. It is dedicated to investigating, clarifying and resolving key issues in information security and developing best practice methodologies, processes and solutions that meet the business needs of its Members.

ISF Members benefit from harnessing and sharing in-depth knowledge and practical experience drawn from within their organisations and developed through an extensive research and work program. The ISF provides a confidential forum and framework, which ensures that Members adopt leading-edge information security strategies and solutions. And by working together, Members avoid the major expenditure required to reach the same goals on their own.

Further information about ISF research and membership is available from

Media contact:
Amanda Hassall
01628 480280/07855 359889

This press release was distributed by ResponseSource Press Release Wire on behalf of Six Degrees Limited in the following categories: Consumer Technology, Business & Finance, Public Sector, Third Sector & Legal, Computing & Telecoms, for more information visit