
Six top tips for developing cyber resilience strategies

The UK government has allocated £1.9bn to its National Cyber Security Strategy programme, but businesses still need to protect themselves from cyber risk, writes Joe McGrath.

Last year, the government-backed Internet Safety Digital Resilience working group took several small steps to boost cyber resilience by publishing its Digital Resilience Framework – a tool to help people build resilience in their digital life. But this was predominantly aimed at consumers.

The government also announced its upcoming “cyber resilience metrics” initiative. Based on a set of risk-based principles, the metrics are designed to help firms measure and benchmark the extent to which they are managing cyber risk and where further action and investment is needed. When it comes to developing useful digital infrastructure solutions and support for private businesses, these measures do not seem to be top of the new government’s agenda.

But there is hope. The government’s promise to deliver nationwide full fibre coverage by 2033, and for most of the country to be covered by a 5G signal by 2027, will have several benefits for firms. Full fibre will apparently deliver “futureproof, reliable, gigabit-capable connections” that support greater economic productivity, while 5G is expected to see a number of new service providers entering the UK mobile market – creating the opportunity for more tailored solutions to connectivity challenges.

While the government is working on plans to roll out protection, it’s important to have a cyber resilience strategy in place for your business.

1. Identify the risks 

Consider what would happen if there were an outage, identify the information, data and systems required to keep the business running, and work out how best to protect them.

2. Involve the whole organisation 

Ensure cyber resilience is part of normal business and staff are trained to respond in the event of an infrastructure breakdown.

3. Simulate incidents

This may involve running through the steps to take if an incident occurred, including investigating the root cause and containing the impact.

4. Have a backup/redundant network connection 

A redundant connection uses different providers and network carriers, so if one network falters, the other network takes over.

5. Use a hardwired connection

For larger businesses, having a primary wired internal network and a wireless network on top could be worth the investment.

6. Have a backup plan

Smaller businesses might consider using more affordable backups such as powerline adapters.

What to do if you face a cyber attack

Responding quickly and efficiently to a cyber incident and its aftermath is vital in order to minimise the financial and reputational damage incurred by a network blackout. Recovery from a digital infrastructure collapse should include developing the right systems to restore any data and services that may have been affected during the outage.

Post-event steps should encompass an assessment of the causes and management of the incident to determine what lessons can be learnt and how to incorporate these lessons into future response activities. An effective assessment should involve documenting how the incident came to light, who reported it, which infrastructure services were affected (and who maintains them), as well as which areas of the organisation were affected and any financial loss incurred.

A thorough evaluation of events can help a business establish which processes and procedures need improving and whether it would be beneficial to switch to a different network provider, or seek compensation. Management should also inform customers and stakeholders of the incident to minimise reputational damage and client dissent.
