British retailers are still reeling from the spate of cyberattacks last summer. From JLR to M&S to the Co-op, the aftershocks of these attacks, both reputational and financial, have been significant.
The breaches indicate a wider, worrying trend. 71% of UK businesses have paid a ransom in the past 12 months following a material cyberattack. And worryingly, around a quarter of organizations (25%) still pay ransoms during the negotiation stage.
Field CISO EMEA at Cohesity.
A successful high-profile breach against a single organization often triggers a surge of attacks across an entire sector, fueling fierce competition on the dark web as cybercriminals race to outdo each other.
But what does all this mean for British businesses? Traditional tools for threat detection are no longer enough to halt cyberattacks in their tracks. Breaches are no longer an ‘if’ but a ‘when’.
That means organizations need to shift away from a preventative, defensive mindset and towards a broader strategy that prioritizes response and recovery as well as prevention. Let’s take a look at what’s needed to make the change.
One step at a time
One issue is that existing guidance for British businesses is far too vague and doesn’t provide actionable steps or help organizations to benchmark their current level of cyber resiliency.
For example, the NCSC’s Cyber Essentials checklist recommends that organizations rehearse how they would respond to a cyber breach, and practice how to rebuild following an incident.
Whilst it’s good initial guidance, it doesn’t highlight what an effective response and recovery strategy requires: a shared responsibility model between IT, security and the wider business.
Drills have to involve every area of the organization, where every employee understands their unique role and responsibilities in the event of a breach and the steps they need to take. It’s only possible to understand operational capability by testing it. And testing becomes impossible when a business is operating in silos.
Adding to this, getting business, IT and security in one room and securing agreement on a plan is no mean feat. Business wants agility. IT wants lower costs. Security wants immediate response. It can feel like herding sheep. True organizational buy-in requires an overhaul of people and processes as much as technology.
And a lot of patience. Regulations such as the EU’s DORA have been instrumental in driving cyber resilience. DORA has been effective because it offers organizations specific steps for implementation, as well as a timeline to comply.
Though organizations might not have achieved compliance yet, DORA has encouraged leaders to act sooner rather than later and assess their current impact tolerance and resiliency.
Unfortunately, non-mandatory guidance - like Cyber Essentials - is always going to be seen as optional, resulting in inconsistent adoption.
Why we need greater focus on data backup and recovery
As well as running cyber drills that span every area of the business, a wider shift needs to happen across the industry.
Much of the focus is still on threat prevention rather than threat response. After high-profile breaches, we often see organizations ramp up investment into tools for threat detection and mitigation, for example, endpoint protection and network monitoring.
However, overfocusing on one type of tool has proved dangerous. Data backup is still an afterthought, left on the backburner. As things stand, a third of UK organizations aren’t accurately identifying and backing up all of their sensitive information.
This failure to back up mission-critical data is why British businesses have experienced lasting impacts on their operations, such as prolonged supply chain disruption. As long as data protection and recovery remain fragmented, organizations can’t hope to bounce back quickly from breaches and risk losing the trust of their customers - and boards.
The good news is that the tools are available today for organizations that are looking to build resilience but are unsure where to start. Modern data protection platforms make it easier than ever to bring security and IT under one umbrella. IT teams no longer have to juggle multiple consoles, or question whether their recovery points are reliable.
When every component across the business is visible in one unified dashboard, organizations can restore critical systems in a matter of hours rather than days. And when it comes to regaining customer trust after a breach, every minute counts.
The long and short of it
Cyberattacks now touch every part of an organization, as incidents compel companies to rethink forecasts, absorb market reactions, and redirect budgets.
Investment into cybersecurity tools isn’t enough to deliver resilience anymore. True resilience is now defined by organizations' ability to keep business-critical processes up and running, during and after a breach.
Backup tools now underpin resilience, because data underpins every function in every business: from HR platforms to supply chain management to payroll. Data backup doesn’t just protect information: it protects the business, its employees, and its reputation when it matters most.
It’s up to business leaders to make cyber resilience a priority within their organization. It’s no longer enough to rely solely on IT and security teams; every employee has a role to play in keeping the business secure and resilient. Culture shifts take time, commitment and persistence. But the payoff is undeniable.