How to put together a cyber attack business continuity plan

How to put together a cyber attack business continuity plan

A study conducted by the University of Maryland has revealed that a cyberattack occurs every 30 seconds, a number that is steadily increasing with attempts becoming more advanced. Despite the high number of potential threats, only 26% of firms have admitted to having a security response plan in place. With statistics like this in mind, it’s vital that all businesses prepare themselves for the worst case scenario, allowing for regular operations to continue, even in the event of an attack. We’ll be walking you through how you can put together a continuity plan, covering all bases to ensure that you know how to protect your business from cyberattacks

Highlight main threats

In the event of a cyber attack, being able to react quickly is key. By creating a list of the main threats that could potentially harm your business, and researching each one’s key characteristics, you’ll know exactly what to look out for. This could be social engineering attacks, malware, password attacks, or the increasingly popular phishing attack. The Cyber Security Breaches Survey 2021 revealed that, out of businesses that identified being targeted by cybercriminals, phishing was the most common, coming in at a scary 83%. Bearing this in mind, all organisations (regardless of their size or field) should be on constant high alert for any suspicious activity.

Recognise your critical assets 

The next step of your cyber attack business continuity plan should be to recognise your critical assets. By this, we mean the systems that your organisation relies heavily on, and would result in potential collapse if they were to be targeted by a cyber attack. This could include a leak of confidential employee or customer information, mission-critical systems, or those supporting regulatory processes. Upon recognising the risks and the devices that could be affected, write an organised list of prioritisation. In doing this, you’ll be made aware of systems that may need additional monitoring or extra authentication steps.


Communication is essential during a cyber attack, and pre-planning exactly who you would need to get hold of in an emergency allows for a swift recovery. This could involve your own employees, particularly an IT team (if your business has one), an incident team to arrange the response, and legal support if needed. By establishing your relevant escalation points, you’ll hopefully be able to lessen the impact and return back to BAU as quickly as possible. 

Data backups

Beaming uncovered the frightening truth; that almost a million UK businesses don’t back up their company data. The risk of a data breach is always possible, even if you believe you have strict security procedures in place, so it’s vital to carry out regular updates, perform back-ups, and encrypt data. With regards to holding sensitive data in a protected environment, you may choose to store it in the Cloud, a USB Flash Drive, or a NAS (network-attached storage) drive. Evaluate the pros and cons of each, and find out which one works best for your business. 

Adapting your plan

Of course, we sincerely hope that you’ll never have to endure a cyber attack, but if it does happen, take a breather and evaluate the situation. How efficiently were you able to target the problem? Were you able to provide a fast solution? Did you have the correct contacts on hand? As your business grows, remember to re-evaluate your business continuity plan to see whether it needs to be updated, rather than presuming that the same steps still apply. It’ll take work, but having a detailed plan in place is vital for ensuring the future of your organisation after a cyber attack.

Staff security training

We’re going to revisit one of our previous business continuity plan steps here. Always, and we mean always, communicate the importance of cybersecurity with staff members. Maintaining a security culture will involve being completely transparent with your team, providing them with the means to carry out work tasks, and enabling them to get involved with regular training sessions. These will allow them to know exactly what to do if a cyber attack occurs, increasing their awareness of suspicious signs to look out for. If you permit them to use their own devices, it’s crucial that they are trained in BYOD security and understand which websites, apps and networks to avoid. 

Physical security methods

This is where we come in. We want both you and your staff to feel as safe as possible, at all times, protected against the risk of cyber attack. Additional security methods, such as access control systems and commercial CCTV systems, prevent unauthorised entry, eradicating the possibility of a break-in leading to a device hack. In doing this, you can feel rest assured that your premises will be protected, even when you’re away from the office. 

For more advice on enhancing your workplace security, get in touch with our friendly team of experts today. We can work with you to guarantee a safe, protected environment for both you and your employees, so that you have one less thing to worry about.