ICAEW  'Audit Insights: Cyber Security'

A review from November 2013, which is certainly worth reviewing:

"Auditors working in IT reveal that every business will have their security compromised and must change their mind set around cyber security. In the ICAEW report auditors say that businesses need to be able to tolerate a certain level of security breach and prioritise on protecting what information and data is important to them – their ‘crown jewels’.

Most businesses don’t get the basics right It is estimated that up to 80% of security breaches could be prevented by implementing basic good practices in cyber security. However, businesses of all sizes and across all industries still struggle to get the basics right. People continue to be the weakest link in implementing effective security and human failings are increasingly being exploited by attackers to gain access to confidential information. 

Businesses should focus on their critical information assetsBusinesses cannot sustain an approach of protecting all their information at all times. Instead, businesses increasingly need to prioritise their information assets and focus their resources on their ‘crown jewels’.  This enables a more sophisticated risk-based approach to security which balances the benefits and costs of security measures."