Speaking The Facts
Access the UK Government report
As mentioned in the video, the UK Government publishes a cyber security breaches survey report each year. You can find the report for 2025 here.
The standard (ISO27001)
ISO27001 is an international standard that helps organisations manage and protect their information securely. It provides a framework for establishing, implementing, maintaining, and continually improving an Information Security Management System (ISMS).
In simpler terms, ISO27001 is like a set of guidelines that organisations can follow to ensure that their information, like customer data or company secrets, is kept safe from threats like hackers or data breaches. It helps them identify potential risks, put measures in place to address those risks, and regularly review and update their security practices to stay protected. Essentially, it's a roadmap for building a strong and resilient information security program.
CIA Triad
The CIA triad is widely employed because it provides a comprehensive framework for evaluating and enhancing the security of information systems and data. By prioritising confidentiality, integrity, and availability, organisations can effectively mitigate a wide range of security risks and threats.
- Confidentiality: This principle ensures that information is kept private and accessible only to those with permission to access it. It's akin to locking a diary to prevent others from reading its contents, maintaining secrecy and privacy.
- Integrity: Integrity safeguards the accuracy and reliability of information. It ensures that data remains unchanged and uncorrupted during storage, transmission, or processing. Think of it as ensuring that a letter you send arrives with its contents unaltered, maintaining trustworthiness and reliability.
- Availability: Availability guarantees that information is accessible when needed. It ensures that systems and resources are operational and ready to deliver services whenever required. Picture it as ensuring that a library is open during its advertised hours, providing access to knowledge and resources without interruption.
By upholding these principles, organisations can effectively manage and protect their information assets, safeguarding against unauthorised access, manipulation, or disruption.