Where’s your business’s ‘crown jewels’ and how to protect them

Cybersecurity can be daunting to many small businesses but by identifying their ‘crown jewels’ they can protect the key assets needed to stay operational and reduce the impacts of an incident.

Identifying the ‘crown jewels’

A business needs to identify what systems, data, services and networks are vital to its function and what things the ‘bad guys’ will most likely be after. This process is very much a team effort as every department will no doubt have an opinion on the subject.

To break it down you need to identify what would;

  •  cost the company most financially
  •  what would create the biggest disruption and
  •  cause the biggest reputational damage.

Understanding that you won’t be able to defend against all cyber risks all of the time is the first step needed in discovering where to focus your resources and attention. Getting buy-in from the board is also key as they will need to help communicate key assets and provide the relevant authorisation required to ensure these are prioritised from a security perspective.

“Businesses need to accept they will have to deal with a cyber incident at some point – it will happen. Once this is appreciated the second fact is you will not be able to eliminated every single risk. Businesses need to get to a place where impacts are well understood and focus their efforts in areas to minimise the consequences, keeping the business afloat and recovering to business as usual swiftly as possible. This take buy-in from the top and execution from across all the teams. In short, it’s a collaborative effort as the board may have insights that a security team may not (such as what partners and services must be prioritised). The security team, on the other hand, will know what systems or networks are needed to ensure that the businesses key priorities are met,” said Sachin Bhatt, CISO & Head of Incident Management at CyberScore.

By identifying your crown jewels, you will not only be able to focus your cybersecurity efforts but also accurately assess the threats the business is facing.

Read: CISO Vs. Board – the Eternal Struggle


Reducing the question from; “can we protect these 1,000 things?” to “can we protect these dozen things?” makes the task of implementing effective cybersecurity far easier. It doesn’t mean that you shouldn’t seek to protect the rest of the business, but it does allow you to justify increased spending of resources on those key areas.

Making a plan

Narrowing down what your most important assets are also helps with creating a security strategy and incident response plan.

You will be able to formulate a strategy designed to protect those crown jewels and Incident response planning is a key part of an effective cybersecurity strategy and it’s vital in informing personnel on what their respective roles will be should the worst happen.

Read: What makes a good Incident Response Plan?

With many security incidents being the result of vulnerabilities in older (legacy) systems or misconfigurations a business needs a way to get a clear overview of their systems and see where they are vulnerable. 

Get an overview of your estate with CyberScore

Getting a clear oversight of your organisation’s cybersecurity posture can be a time-consuming process, time that could be better suited to tackling more serious issues such as increasing the defences surrounding your ‘crown jewels’.

With CyberScore you can take control of your security posture by detecting vulnerabilities and gathering empirical evidence and Get-Well plans. The process is rapid, accurate and can be run as often as you like, allowing you to always have an up to date view of your security.

After downloading and running the software across a network, businesses are provided with a free, top-level summary of the organisational calculated risk rating. Detailed technical reports and high-level assessments for the board can also be provided for a fee, and are designed to show any potential vulnerabilities on the network. It can also assess the likelihood of an organisation passing a Cyber Essentials Plus certification.

Want to try CyberScore? Click here for a free trial - cyberscore.com/trial

For Further Reading –

Democratise your cyber security with CyberScore

In charge of cybersecurity? Take Control of what you’ve inherited

Cybersecurity is everyone’s responsibility, not just the tech experts

Follow us on FacebookTwitter and LinkedIn and sign up to our newsletter