Connect with us
Finance Digest is a leading online platform for finance and business news, providing insights on banking, finance, technology, investing,trading, insurance, fintech, and more. The platform covers a diverse range of topics, including banking, insurance, investment, wealth management, fintech, and regulatory issues. The website publishes news, press releases, opinion and advertorials on various financial organizations, products and services which are commissioned from various Companies, Organizations, PR agencies, Bloggers etc. These commissioned articles are commercial in nature. This is not to be considered as financial advice and should be considered only for information purposes. It does not reflect the views or opinion of our website and is not to be considered an endorsement or a recommendation. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third-party websites, affiliate sales networks, and to our advertising partners websites. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish advertised or sponsored articles or links, you may consider all articles or links hosted on our site as a commercial article placement. We will not be responsible for any loss you may suffer as a result of any omission or inaccuracy on the website.

TECHNOLOGY

How poor cybersecurity policies disrupt business continuity

How poor cybersecurity policies disrupt business continuity

 

Cyber threat expert Stephen Leach, Detective Inspector and Head of Business Development at NEBRC, reveals why cybersecurity and business continuity planning is essential for all businesses, no matter their size

As the world moves increasingly online, risk management professionals and business owners must continue to invest in the prevention of cyber threats. It’s surprising, to see just how many businesses have plans in place for all sorts of things such as fire, flood and COVID-related issues, yet don’t have any action plans in place should a cyber attack occur.

What happens in the minutes, hours and days after an attack is crucial. This is where business continuity planning can be vital lifeline, with a sound plan saving time and money whilst a threat is addressed. 

Why is a strong cybersecurity policy so important?

A detailed cybersecurity policy is an essential part of any business continuity plan. It ensures that businesses are adequately addressing any weaknesses, are prepared for potential threats, and are ready to mitigate an attack should the worst happen.

Organisations need to be able to detect and respond quickly and effectively to a cyber incident to reduce the financial, operational and reputational harm it can cause. It is crucial that a team has effective cyber security and robust incident response plans in place to follow.

A poor cybersecurity policy can disrupt business continuity making a cyber-attack more likely as defensive measures aren’t in place. It can also make attacks worse as policies necessary for recovery aren’t established and ultimately impact revenue and productivity, all of which affect the bottom line.

  1.     How poor cyber policies can cost businesses money

A data breach can result in a variety of costs, such as fines, lawsuits, and extra staff wages. This includes direct costs paid to IT consultants or the attackers, long term costs such as hiring new staff or improving security, and indirect costs where staff couldn’t complete their work or devices needing replacements.

Under GDPR regulations, an individual is also entitled to claim compensation from an organisation if they’ve experienced material (e.g. loss of money) or non-material (e.g. suffered distress) damage as a result of the organisation breaking data protection law. This may result in further financial losses and reputational damage.

  1.     How poor cyber policies can cause a loss of reputation

Knowing that a company has been a victim of a data breach can stop customers from trusting the brand and influence them to choose a competitor or avoid the affected company’s services. Consumers don’t want to risk their own personal data, so providing it to a company with a poor cybersecurity policy isn’t worth it. This can result in a loss of revenue for the organisation. 

This can also create a snowball effect. Knowing that consumers don’t trust the business can influence other businesses’ decisions on whether to work with them. Because of this reputational damage, many businesses won’t want to be linked to that brand and may choose a competitor as a result.

  1.     How Poor cyber policies reduce Productivity

Productivity loss as a result of a data breach can be one of the most common business continuity disruptions faced. There are many forms this could take, such as a hairdresser losing access to their diary booking system, a construction company losing access to their subcontractor database, or a small manufacturer losing their production line and communication with customers.

In the short term, a cyber attack will take unplanned time to deal with. This can be from mitigating the attack or downtime through loss of access to networks and data. Overall, 24% of businesses say that a data breach prevented staff carrying out their day-to-day work, this could result in missed deadlines and overtime.

Long term, compromised financial or personal data takes time to correct, as well as time to conduct cybersecurity training and complete audits to update your policies.

What can businesses put in place to reduce losses?

Businesses can however, take measures to reduce such losses. A cyber business continuity exercise is an important part of the process for creating a plan to identify major risks which could cause significant disruption. 

The policies created from such exercises will then form your defence against attacks and potential losses. The policy should identify threats, list actions taken to prevent these threats and persons responsible for actioning, maintaining security and responding to breaches. 

The aim is to then take steps to prevent these disruptions where possible to allow essential processes to continue. The requirements of a cybersecurity policy are ever-changing due to new techniques and tools being used by cyber criminals and should be reviewed regularly. Especially following an incident to determine whether the current policy is still appropriate.

Mitigations listed within the policy might include things like antivirus software and firewalls, managing updates and patches needed to ensure things like browsers and plugins aren’t at risk. It can also include operating systems, and other internet-facing applications. 

Additionally, policies should cover what data an organisation has, how it is processed and protected showing compliance with GDPR regulations. This is especially important since the majority of booking systems and account details are now stored online.

Businesses who need help reviewing their business continuity plan or advice on running exercises such as gap analysis, impact assessments and determining risk can get in touch with non-profit organisations such as the North East Business Resilience Centre. In partnership with the Police and the NCSC, the organisation uses elements modelled off of the International Business Continuity Management Systems standard ‘ISO/IEC 22301:2019’ to help strengthen and sense check any plans.

Poor cybersecurity practices can leave businesses exposed to financial and reputational losses.

About Stephen Leach:

Steve is a Detective Inspector with 28 years policing experience, the majority spent within CID, both at a Force and Regional level. Steve is currently seconded to the NEBRC and has always had an interest in the digital and cyber world. 

Prior to joining the police he graduated university with an Electronic Systems Engineering degree. Within the police he has worked in internet investigations and managed communication data investigators, radio frequency technicians and Digital Forensic Examiners. More recently he was part of the team that was responsible for creating the force-wide Cyber Crime Unit. He has previous experience of force and region-wide Projects from design through implementation to delivery. 

 

Continue Reading

Why pay for news and opinions when you can get them for free?

       Subscribe for free now!


By submitting this form, you are consenting to receive marketing emails from: . You can revoke your consent to receive emails at any time by using the SafeUnsubscribe® link, found at the bottom of every email. Emails are serviced by Constant Contact

Recent Posts