You are here

  1. Home
  2. How to develop a cybersecurity strategy for your business

How to develop a cybersecurity strategy for your business


A new report has expert insight from industry-leading cybersecurity and risk practitioners on the cyber threat faced by today’s organisations. Importantly, there are recommendations and practical steps to develop a cybersecurity strategy aimed at business leaders and practitioners in organisations of all sizes.

James Crotty and Professor Elizabeth Daniel are the co-authors of Lessons from Practice: Insights on cybersecurity strategy for business leaders, from SMEs to Global Enterprises. They stress that cybersecurity is not just an IT issue, and is actually a business issue which must be led by the board and other business leaders.

James is a member of the Business School’s International Advisory Board (IAB) which provides international business and management expertise to support the delivery of our research and teaching. He holds a number of board and advisory roles across different sectors, following a career of more than two decades with American Express.

Elizabeth is Professor of Information Management who leads our Department for Strategy and Marketing (DSM). She is co-author of the book Benefits Management: How to increase the business value of your IT projects and numerous academic papers on the effective use of IT by businesses.

The increasingly important role of technology in business has been very clear to me for some time. It’s also evident that cyber disruptions, such as those impacting British Airways, Travelex, Facebook and Colonial Pipeline, have the potential to seriously restrict the extraordinary benefits available to organisations and society through the diffusion of new technologies in the 21st century.

While I was always a big user of extensive IT systems in my executive career, I felt it would be helpful for me in my Independent Non-Executive Board Director (INED) role to get a contemporary perspective on the rapidly emerging disciplines of ‘big data’, software development and cybersecurity so I undertook an MSc in Computing with the OU (completed in 2016) and gained a further practice-based qualification in cybersecurity.

An understanding of cybersecurity is essential for board and business leaders, as the regulators and heads of leading national security agencies emphasise. Despite my qualifications and senior position, I still found the ‘alphabet soup’ of cybersecurity frameworks, policies and tools – from a vast array of agencies – to be very confusing. The report brings structure to the disparate cybersecurity frameworks and tools that can otherwise be overwhelming, especially for those who are not involved on a day-to-day basis in managing cybersecurity.

If their organisation already has a cybersecurity strategy, it will allow them to ask searching questions. If they don’t, it will help them develop one. The report captures the latest thinking and experience of cybersecurity experts from a range of industry sectors and covers both large and small organisations.

James Crotty
Report co-author and member of the OUBS International Advisory Board (IAB)