
How to Audit your Organization’s Cybersecurity Plans

May 2021

Today, many companies, especially those with ties and business deals in other countries, rely on networks and digital information to connect with stakeholders. This increased capacity for collaboration brings many benefits, but it also has disadvantages.

For instance, a common cyber threat is a ransomware attack, where malicious software encrypts files and holds them hostage. It can cause operations to slow down or even grind to a halt. According to the Swiss Cyber Forum, the worldwide damage costs from ransomware will increase to €18 billion by 2021. A ransomware attack is only one of the many types of cyber attack a malicious actor could launch against a company.

Cyber Security Plans Take Time to Complete

Online and digital security will only become more critical every year, and all businesses need to prepare for cyber attacks. Since cyber threats evolve rapidly, a business needs to ensure that its security measures are effective.

For many companies, a data breach is not a question of if but when. Slow, inadequate protection measures can hurt your bottom line and your reputation, so you need to audit your security plans regularly. A brief cyber security audit will show you whether your plans are up to date or whether you need to make changes. Here are a few things to help you start.

1. Review the Plans You Have in Place

The first thing to do is a document-based review of the company’s cyber security plans. Check whether the procedures and policies are complete and relevant: have there been significant breaches at companies with similar profiles? What did those companies do to contain or deal with them? How can your company adapt those measures to its own operations? Each piece of the plan should have a purpose, and everyone mentioned in it must have clear roles and responsibilities.

2. Conduct Threat and Risk Assessments

If your team developed its cyber security plans a while ago, new threats have likely emerged since then. Adding third-party data storage, employees joining or leaving the company, and incorporating new servers, software, and hardware all introduce additional vulnerabilities and are sources of threats and risks. When making your assessment, account for all of these possibilities and see whether you can put preventive measures in place.

3. Evaluate Plans Against the New Standards

After conducting a threat and risk assessment and outlining preventive measures, consider whether the plans meet the applicable security standards. Are there regulatory requirements and industry best practices that you must take into account? Do the plans reflect the organization’s own policies? Engaging a risk management company can make this phase more efficient.

4. Determine If the New Plans Are Actionable

Beyond looking good on paper, security plans need to be practical. Your employees should be able to use them during an emergency. For example, in the event of a data breach, would the people who discover it know what to do? Do they know whom to report the breach to, and how long will it take to deal with the situation? Will the breach affect clients or the production line, or can the company contain it in the back end?

Cyber attacks happen quickly, and your organization needs to know how to adapt to developments during an emergency. Besides training the relevant personnel, digitizing your plans using a crisis management platform also helps. It lets employees at various levels access the plans relevant to them and allows them to study and prepare for these threats.

Cyber security audits help ensure business continuity and prevent widespread data loss in your organization. Businesses need to keep their own and their clients’ digital information safe, and revisiting your cyber security plans helps you work towards that.

Let Scaramanga’s team of lawyers, engineers, and security specialists keep your business safe from cyber threats. We offer end-to-end data protection solutions in Switzerland, covering a wide range of expertise. Whether you need a dedicated, external Data Protection Officer on-call for queries, or are looking for more comprehensive month-to-month cover, we can help you. Book a consultation today to discuss your organisation's needs and learn how we can help safeguard your business.