Categories
Business Advice Cyber Attack Cyber Attack Preparation Cyber Security

Preparedness for Cyberattacks

Preparedness for cyberattacks should consist of prevention (secure procedures and systems) and a plan for what happens if, a successful attack occurs.

UK Government Communications Headquarters (GCHQ) cyber security guidance recommends that organisations:

• Establish an incident response and disaster recovery capability that addresses the full range of incidents that can occur.

• Test incident management plans regularly (GCHQ: Cyber security guidance for businesses).

The internal and external consultants that should form the response team are dealt with further below. Organisations should prepare and circulate contact details of who to contact internally in the event of an attack.

The contact details of trusted external advisers – such as Cyber Security Helpdesk Limited! – in respect of IT, legal and PR matters (we can assist with all of the above!) who are likely to form part of the response team should similarly be kept and updated in a form which can be accessed and circulated following discovery of a breach.

Where incident response policies and procedures are documented, they should be available in formats that would not be inaccessible due to the attack (for example, policies may be inaccessible if encrypted by a virus on a compromised shared drive).

In assessing risks, consider the extent to which the operation of each aspect of the business would be affected by different forms of attack and prepare accordingly.

According to insurance industry surveys, take-up of cyber insurance remains low, with only around 10% of large businesses having any form of cyber insurance. Policies may cover loss and damage to digital assets, organisation interruption, notification expenses, theft of money or assets and even reputational damage.

In the absence of a cyber-specific policy, a comprehensive crime insurance policy or other, more general insurance policy may also cover cybercrime, but this should be confirmed in advance.