ECSC boss discusses board level security risks, EU regulation and IPOs
“The danger in 2016, our IPO year, was that management got distracted by the IPO and took its eye off core business,” said Ian Mann, ahead of cyber security firm ECSC’s maiden results following its flotation last year.
The team have certainly not taken their eyes off the ball, with the Bradford-based company announcing an increase in revenues to £4.5m, up from £2.7m in 2015 in their most recent accounts.
ECSC opened an additional operational centre in Bradford earlier this month and plans for an incident response centre in London and a facility in Australia are underway to enable the company to service companies 24/7.
New legislation has also been on the side of ECSC, which will force companies to report a cyber security breach within 72 hours.
“This is European regulation,” said Mann, “and the UK government has confirmed that even though we’re doing Brexit we will be making it UK law.”
Fines are the headline grabbers in the new legislation, with a previous £500,000 fine rising to 4% of a company’s global turnover income to a maximum of £18m – a significant increase.
“Previously there has been no legal requirement to report breaches,” he said. “It’s really to protect personal data. There have been lots of breaches and investigations which show that even large companies have abdicated responsibility and not managed security responsibly.”
“Big tech companies should be investing in security. We’re expected to share a large amount of personal data, with companies collecting personal data on all the online services we’re using. This can be used by criminals if security is compromised, and we don’t have much power as a citizen over what companies do with data.”
Though the government is responding, he said, companies need to start taking it seriously. But why have they not so far?
“There’s a few things,” he said, “including a lack of awareness at board level which will change with new legislation. Security then becomes board level risk because penalties are so high.
“There’s also a technical challenge – doing it well is difficult, companies struggle to make IT systems work correctly to start with. The rate of change of IT systems also means people managing those systems struggle to deal with security.”
“The market expects that IT suppliers get new services out into the market, all the pressure there is to get a new service out. Quite often its security that is not addressed adequately,” he said.
Continued “rapid growth” is on the cards, said Mann. With staff already having risen from 57 to 98 within the last year, the company has already won clients on the back of the IPO. He said the major piece of advice he would give anyone looking at the IPO route would be to get experienced advisors in as early as possible.
“Our chairman works with existing listed companies, it’s important to have experienced people on your board. Board appointments aren’t something you should get late in day to satisfy requirements, they will help you get right advisors, PR, brokers, get the right team together and it’s run smoothly, why we were able to do that and have a good set of results as well.”
“It’s an exciting time for us, new people and new clients. Now cyber security is becoming more important, people know they need to address this before they’ve had a breach.”
