Five tips to avoid, manage and respond to a cyber attack

The digitisation of businesses and the increasing reliance on technology for core business operations has heightened the risk of a cyber attack. In fact, in this day and age, it's a matter of when – and not if – a cyber attack will take place. 

A cyber attack can cause significant financial loss, intellectual property theft, disruption to business services and can also damage investor and consumer confidence in a particular organisation. IBM's 'Cost of a Data Breach' report estimates that the global average cost of a ransomware attack in 2022 was USD $4.54 million, and the average total cost of a data breach that same year was USD $4.35 million.^[1]

It is therefore imperative for businesses to invest in developing policies and strategies which will help them avoid, manage and respond to cyber attacks. We set out our five top tips below.

1. Stay (cyber) healthy

Good cyber hygiene is a crucial component of a company's safety and may help businesses avoid cyber attacks. Staying cyber healthy means adopting habits and policies which promote the business' cyber security. Such habits can include:

1. Enforcing strong password policies and reducing reliance on passwords (including using multi-factor authentication) where possible;
2. Implementing regular and up-to-date employee training to assist employees in identifying signs of a cyber attack, including identification of suspicious emails (in the event of a personal data breach which is reportable to the Information Commissioner's Office (ICO), the ICO will ask whether any member of staff involved in the breach had received data protection training in the last two years); and
3. Implementing policies and procedures for reacting to and reporting suspicious activity.

As with all types of hygiene, good cyber health is not a one-off occurrence, but instead is something which has to be embedded in a business and reviewed, reassessed and updated regularly.

A further necessary safeguard, from a data management and compliance perspective, is to ensure retention policies are up-to-date and followed. This prevents data being kept for longer than necessary, thereby reducing risk exposure.

2. Risk management

Businesses should also consider the risks they face and take pre-emptive action to manage those risks. Attacks on a business' supply chain can have severe operational and financial consequences, and a vulnerable supplier may be a point of entry to other businesses. This risk can be managed by taking pre-emptive action to review supply chain risks and understand possible weaknesses, including by reviewing contracts with third-party suppliers to identify red flags in terms of cyber security. For further information on supply chain risk management, see our article Supply Chain Risks: 10 Things You Need to Know.

Businesses should also review insurance coverage and consider whether it's necessary to obtain further policy coverage to insure the business against losses arising from a cyber attack. Sometimes cyber security insurance will provide sufficient cover for incident response, remediation and business disruption – but not always. Businesses should also carefully review any exclusions to their insurance policy. If you do have insurance coverage, in the event of a cyber attack, you should make sure to comply with notification requirements and avoid making any big decisions (like communicating details of the breach to affected individuals/third parties or paying a ransom) without first seeking approval from your insurers.

3. Prepare for the worst

All businesses will benefit from putting in place a Cyber Incident Response Plan which is, in essence, a step-by-step guide to managing an incident in practice. Having a plan in place will help businesses make good decisions, quickly, under the pressure of a real cyber attack.

Having a pre-prepared, regularly tested incident response plan is not just a sensible precaution; it can also lead to significant cost savings. In fact, IBM estimates that on average, businesses with a regularly tested response plan saw an average of USD $2.66 million lower breach costs than businesses which did not have such measures in place.

Cyber attacks can also involve the theft of confidential proprietary information which will not only cause business disruption, but may also result in breach of contract and negligence claims. Perhaps most importantly, a cyber attack can severely damage a business' reputation by leaving it vulnerable to negative media coverage and decreased consumer confidence.

Our off-the-shelf Cyber Incident Response Plan provides businesses with a step-by-step guide to handling a cyber attack. For further information or to obtain a copy, please see contact details below.

4. Seek legal advice

In the event of a cyber attack, the business will need to consider a number of regulatory and other obligations and will benefit from legal advice in doing so. Important initial considerations include:

1. Assessment as to whether a personal data breach has occurred such that a notification needs to be made to the ICO and/or the affected individuals (and the timing);
2. The existence and coverage of insurance, plus whether insurers should be notified (see above in relation to insurance);
3. Any necessary reports to the market, key stakeholders (including contractual requirements to notify customers) and other regulators;
4. Whether and how any third-party forensic IT services should be retained.

It's important to be aware that correspondence and other documents which are created before and in the aftermath of a cyber attack may be disclosable to the regulator or in any litigation. With that in mind, it is prudent to maximise the availability of legal privilege; you should also keep written communications factual where possible and avoid drawing conclusion or admitting fault in the first instance.

Our cyber incident response line is open 24/7 to provide you with additional means of contacting us and obtaining support and advice when you need it, in the event of a cyber incident.

5. Lessons learned

Once you have concluded the response to the cyber attack, it is best practice to consider the lessons learned and what you can and should be doing differently – both to prevent any future attack and in respect of your response to the attack. To learn more about mitigating against cyber attacks, read our previous article on how to prevent ransomware attacks and protect your business from cyber threats.

To learn more about our Cyber Incident Response Plan, please contact Patrick Arben or Amber Strickland. Alternatively, contact our incident response line on 03300577071.

Footnote

[1] These figures represent the cost associated with managing and responding to a ransomware attack and do not include the cost of paying the ransom.