UK businesses not confident in cyber breach mitigation plans

Despite continuing news of cyber-attacks and data breaches every day, a recent study found that just 9 per cent of UK businesses feel totally confident in their organisation’s cyber breach mitigation plan. 

The new research by BAE Systems, looking into how businesses can react to a cyber incident, found businesses are still struggling to establish plans that will help them deal with this 21st century threat.

Of all the sectors surveyed, manufacturing was the least confident in their organisation’s cyber breach mitigation plan. However, across the board concerns were expressed, with the  retail, distribution and transport sectors only 7 per cent confident, IT just 10 per cent, and professional services a mere 15 per cent. 

James Hatch, Cyber Services Director at BAE Systems Applied Intelligence, says: “Many organisations still see dealing with a cyber security breach as a black swan event, something significant and unexpected that in hindsight could have been prevented, and have not yet made their mitigation plans business as usual. Effective management of cyber breaches requires businesses to be organised and prepared for the threats that they face, with a clear process in place. Everyone involved should be confident in what they need to do.”

According to the survey findings, ‘technology’ was cited by 48 per cent of respondents to be the most important tool in identifying a cyber-attack quickly, with ‘people’ coming in second at 32 per cent. And, whilst it is essential that businesses deploy a combination of people, process and technology in order to be cyber resilient, only 15 per cent named ‘process’ as an important tool.

Commenting, Mr Hatch says: “There are two problems. Most organisations struggle to deal with something beyond the experience of their people. Each time existing experience is stretched it can cause an emotional reaction within organisations. They have to prepare for these new experiences and learn how to handle them in the future. External specialists can help but are most effective when their involvement and arrangements for mobilisation, access and communication are defined in advance. There is absolutely a role for technology and automation, especially in reducing the workload involved in dealing with routine incidents so that security teams have the bandwidth to deal with what really matters.

“The range of incidents that an organisation can face varies hugely from ransomware outbreaks to covert targeted attacks to accidental data breaches. But that doesn’t mean that businesses cannot be prepared for all of these eventualities. The key is to differentiate the routine from the unusual and the urgent from the important and prepare for each with the right combination of technology and automation, people and skills, policy and process. Once this is done, cyber breaches become more manageable and less emotional.”    

Cybersecurity is not only for larger businesses and public organisations. SMEs are in fact some of the most vulnerable targets for cybercrime, and therefore this topic should be at the forefront of all business leaders’ minds.

When putting processes in place for effective business administration, sound management accounts will enable better control of your financial situation and awareness of the business in real time. This can be effective not only in detecting and countering fraud, but also in enhancing planning for the peaks and troughs. In turn, whilst many companies do not need an audit due to rising thresholds, an audit can give comfort to business owners and act as a fraud deterrent.

At Beavis Morgan, we work with SMEs to put processes in place which make it easier to run your business, reduce risk and maintain effective management of your company’s working capital.

Contact Steve Govey or your usual Beavis Morgan Partner for further information about how we can assist you and your business.