
How would your organisation respond to a cyber attack?

26th April 2024

Cyber security is one of the hot topics of the moment, ranking amongst the top risks that UK organisations currently face.

So, as I sat down to write about my subject of interest, with the sun streaming in through the window, I experienced a fleeting moment of “oh not now!” when the pop-up on my computer advised me that I needed to reboot my machine to complete the security update that had just been pushed out. However, while I share the frustration with how these things seem to require you to stop what you’re doing when you have only just got going – or the end is in sight – I also know that keeping your software up-to-date is really important.

Therefore, I did what I have been trained to do and let the update finish its journey, taking the opportunity to drink my now warm-ish cup of tea that I had made not long before.

Which brings me nicely to the question – what is your organisation’s approach to cyber resilience and how would your organisation respond to a cyber-attack?

Hopefully, your organisation has already done its planning. So your “prevention” work has been done, or as some of us like to call it, you have appropriate “organisational and technical measures” in place to make things as secure as they can be so as to try and prevent an attack in the first place.

You might also have worked through your “what if” scenario – so in the event of a successful cyber-attack your organisation will respond like a well-oiled machine to the developing situation, including informing the right people of what has happened at the right time. Yes, those reporting obligations might be within 24 hours or 72 hours of becoming aware of what has happened, but it’s covered because people know who is doing what and who to work with. Hopefully your organisation is also comfortable with handling internal and external communications – giving mixed messages or saying the wrong thing can be unhelpful to your business and those who receive the message.

Wherever you are on your journey to cyber resilience, being compliant with the law along with your commercial contracts can still, at times, feel daunting, particularly as compliance is as much about trying to stop the “event” from happening in the first place as it is about dealing effectively with the event when it unfolds – all the while making judgement calls and then documenting how you got to that point. However, as the old saying goes, out of every challenge emerges an opportunity – an opportunity to streamline your organisation, think about what really matters and cement that trust in your organisation’s brand that you have all worked so hard to create. To combat a feeling of being slightly overwhelmed, I say prepare, practise, evaluate, prepare!

I would like to leave you with this – the world has changed and continues to change, and as technology evolves and develops, so will the opportunities and challenges. Risk and assurance are key to many areas of the law and it is no different when it comes to cyber security.
