Over the past decade, many industries have experienced a surge in digitisation. From the introduction of digital twins, robotics and AI, to cloud computing and IoT, this technological boom has fuelled growth, efficiency and profitability, but also exposed organisations to a wider range of cyber threats by increasing the attack surface.
With digital transformation now embedded into processes, and a low tolerance for operational disruption within industries such as manufacturing, cyberattacks can have a significant impact on production, operations and costs, making many a lucrative target for cyber criminals looking to deploy ransomware attacks (malware that holds a victims data or IT systems hostage), knowing a ransom will be paid to avoid costly downtime.
The latest statistics estimate that in 2023 the cost of cyber-crime in the UK was £254bn, with that expected to grow to £358bn in 2024. Despite this, the latest UK Cyber Security Breaches Survey reports that only three quarters of businesses consider cyber security to be a high-priority for senior management – a figure that has remained the same since the previous year, mostly likely due to the economic climate.
As rising costs continue to put pressure on operating profits, it’s difficult to justify the cost of cyber resilience as there is no direct ROI, but for many, it is only after a cyberattack that senior management can see the value.
Investment in cyber resilience is not all about spending money on the latest tech to prevent an attack, but also strengthening an organisation’s ability to detect, effectively respond to and recover from a cyber incident, to minimise the operational impact at the earliest opportunity.
Response and recovery procedures should consider:
People – trained first responders available 24/7.
Process – formalised and tested incident and business continuity response plans.
Technology – equipping staff with the necessary tools.
In the same way organisations conduct evacuation drills to respond to fire alarms, they should be testing their ability to respond to and recover from a cyberattack with the same success. This could be gained through tabletop rehearsal exercises which simulate a major cyberattack, as well as through regular training and awareness to test response strategies to quickly restore operations.
When it comes to investment, it is important to take a risk-based approach to establish a cyber resilience strategy. By understanding the impact the most common cyber threats could have your organisation’s ability to achieve its strategic vision, and how likely it is that they could occur based on current controls, senior management can make informed decisions on whether to invest in cyber resilience to treat the risks identified, or whether to accept and monitor the risk.
If you want to understand more about the latest cyber threats that your organisation faces, assistance with getting started with a cyber strategy or you want to understand how to gain assurances over your response and recovery procedures, get in touch with David.dove@waterstons.com