week 29

K1.29 The importance of cyber security to organisations and society:

Cyber security is vital for protecting systems, data and people. Without effective cyber security, organisations and society are at risk from data breaches, financial loss, reputational damage and legal action.

Below we look at how it affects organisations and society.

Importance to Organisations

Modern organisations rely on digital infrastructure to run daily operations. Cyber security ensures:

Protection of all systems and devices

• Servers, laptops, mobile devices and IoT equipment are secured against unauthorised access, malware and data loss.

• Example: A company installs endpoint protection on all laptops to stop ransomware infections.

Protection of cloud services and their availability

• Many businesses use cloud services for storage, email, and collaboration.

• If these services are compromised, productivity stops.

• Example: A school ensures its cloud‑based student records system uses secure logins and encryption to prevent downtime or hacking.

Protection of company data and information

• Commercially sensitive data (e.g. financial records, intellectual property) must be kept confidential.

• Example: A business uses encryption and access controls so only senior management can view strategic plans.

Protection of personnel data and data subjects

• Employee and customer personal data must be handled securely to avoid breaches.

• Example: HR systems store employee addresses and bank details; strong passwords and MFA protect this information.

Password protection policies for users and systems

• Enforcing strong, regularly updated passwords prevents easy account compromise.

• Example: Staff must change passwords every 60 days and use complex passphrases.

Adherence to cyber security legislation

• Compliance with UK GDPR and DPA 2018 avoids fines and reputational harm.

• Example: A company that mishandles customer data could face a substantial ICO penalty.

Protection against cybercrime

• Prevents financial loss, fraud, phishing attacks, and ransomware.

• Example: A retail company blocks card skimmers and uses PCI DSS standards to protect transactions.

Importance to Society

Cyber security is not just an organisational issue — it protects individuals and the wider community.

Protection of personal information

• Prevents unauthorised use of sensitive data.

• Maintains privacy and security online.

• Protects people from prejudices or discrimination (e.g. medical or employment data being leaked).

• Ensures equal opportunities by safeguarding sensitive records.

• Example: Encryption of hospital patient records stops them being sold on the dark web.

Preventing identity theft

• Secure handling of names, addresses, national insurance numbers, and financial details stops criminals using someone’s identity for fraud.

Individuals’ rights under the DPA 2018

Cyber security measures help ensure that these rights are respected:

• Be informed about how data is used

• Access personal data

• Have incorrect data updated

• Have data erased (right to be forgotten)

• Restrict processing of data

• Data portability (reuse data across services)

• Object to certain processing

Example: A social media platform must have secure systems so users can safely download or delete their own data.

Protection against cybercrime

• Society benefits when fewer people are victims of fraud, phishing or online harassment.

• Example: Strong online banking security reduces large‑scale fraud.

Why It Matters

The Advisor
Scenario:
You are advising a local business on why they should invest in stronger cyber security.

Task:
Write a short report with two sections:
For the organisation: Explain three reasons cyber security is important and give an example for each.

For society: Explain two reasons why good cyber security helps the wider community, with examples.

Extension:
Identify one recent real‑world cybercrime incident and describe how it affected both the organisation and its customers or the public.

In pairs collaborate and create a presentation on the following  (Each topic must be covered).  The presentation will be delivered to the class: 

Managing and controlling access to systems.  This should consider things like authentication, detection and prevention, firewalls, and the various types of access control. 

Physical and virtual methods of managing and securing network traffic. This should consider things like software defined networking, screened subnet, virtual LANs and subnets. 

Techniques applied to ensure cyber security for internet connected devices. This should consider wireless security, device security, encryption, virtualisation, penetration testing, protection, updates and authentication. 

Importance of cyber security to organisations and society. This should consider the protection of systems and data on the organisation and society. 

The fundamentals of network topologies.  This should include topologies, OSI and TCP/IP models. 

The application of cyber security principles.  This should include the management of risks to security and the network (identification), development and application of control measures (protection), implementation of protection and resources to identify issues (detection), reaction to security (respond) and restoration (recover). 

Last Updated
2025-07-15 10:51:30