Protecting private and public sector organisations from cyberattacks


The rise of smart technology in the UK has led to more cyberattacks. As the Capita incident shows, organisations need strong, adaptable cybersecurity plans with a focus on risk assessment, employee training, and cyber insurance.

The growing integration of smart technologies into the infrastructure of private and public organisations has created a greater surface area for attacks from bad actors. The UK Government’s Cyber Breaches Survey in 2023 estimates that UK organisations suffered 2.39 million large-scale cyber crimes and 49,000 instances of cyber fraud. [1]

This rising tide of cyberattacks has made comprehensive and expert cybersecurity solutions essential to the public and private sectors. To build cyber resilience, UK organisations will need to focus more on identifying their value at risk (plausible losses).

This will allow them to manage the risk adequately, providing them with a better understanding of their risk acceptance, risk mitigation, and risk transfer to a cyber insurance policy.

A growing threat

The threat to UK organisations was demonstrated in the recent Black Basta cyberattacks in March 2023, which affected sensitive data handled by the public outsourcing business Capita. Handling a variety of processes, including licence fee collection and pensions data for major businesses such as M&S, Capita held the sensitive data of thousands of customers and thus presented an attractive target for cybercriminals. [2]

As business infrastructure comes to rely more heavily on smart technology, the risks of a cyberattack increase exponentially. [3]

Consequently, most UK businesses accept operating within a defined level of cyber risk. This makes the 2023 Cyber Security Breaches Survey of particular concern because it indicates that while over 68% of UK businesses saw cyber security as a major concern, only about 29% had formalised risk assessment strategies.[4]

The importance of risk mitigation

Against this backdrop, it therefore becomes imperative to implement a strong cyber resilience strategy to ensure organisations are thoroughly prepared for a potential cyberattack. Organisations need to consider how to defend themselves and minimise losses, particularly as cyber technology has taken command over more essential processes.

A recent survey by the Office for National Statistics (ONS), for instance, indicated that 19% of SMEs would suffer losses of almost £4,200 from cyber-attacks, which many SMEs described as potentially devastating.[5]

Organisations need to develop cyber risk strategies that respond to their unique needs. Chief information security officers (CISOs) must ensure employees know the common cyber threats so that they can help mitigate them.

For instance, employees need to remain aware of phishing tactics, which are still one of the most common forms of UK cyberattacks, with a prevalence of over 83% in a government survey last year. [6] Increasing employee awareness of the consequences of a cyberattack is one of the best and earliest ways to mitigate it. In turn, if an attack does succeed, cyber insurance serves to minimise damage to the company as well as improve customer confidence.

Proper cyber resilience strategies have become even more essential as the public and private spheres have begun to partner together on shared cyber technology projects. The clearest example is the development of smart cities, in which IoT (Internet of Things) technology regulates everything from waste disposal to transport.

Smart cities are unique sites where organisations collaborate as a shared network. Consequently, they are also a combination of organisations’ unique cyber risk profiles and strategies.[7] This siloed approach can expose them to unique forms of cyber-attack.

Smart cities demonstrate the need for public and private organisations to have the proper provisions for enduring a cyberattack – as large-scale partnerships become more common, the opportunities for creative forms of cyber-attack rise in turn.

As UK organisations get more involved in cyber technologies, and as the uses of those technologies become more complex, as seen in both the Capita incident and the development of smart cities, organisations need to take better command of their cyber security profile and implement tailored solutions.

What makes good cyber resilience?

A strong cyber resilience strategy seeks improvement and economic efficiency by integrating risk acceptance, risk mitigation, and risk transfer (insurance) to ensure an organisation can endure an attack without impacting its ability to deliver value.

A comprehensive solution is needed to offset cyber risk, yet most organisations have transitioned slowly, leaving them vulnerable. Personalised cyber mitigation plans, crafted with the help of expert advice, will prove essential to cyber resilience.

Similarly, a patchwork cyber resilience approach will do little to stem the tide of potential attacks. So, any solution must be holistic, with quantified risk assessments and a board-level understanding of the value at risk the business faces (plausible losses). This level of protection is imperative in an era of rising cyberattacks, in which cyber criminals seem to be getting consistently more creative and dangerous.

If UK organisations want to defend themselves from cyberattacks like the Black Basta attacks on Capita, they must craft a cyber resilience strategy aligned with these principles and priorities. As threats to cyber security have become more complex, organisations’ cyber resilience strategies must become more dynamic in response, or they will quickly find themselves outdated.

References

  1. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023#summary
  2. https://www.ft.com/content/ff150b65-8dc6-48c8-b2e4-6b8fbee4ea03
  3. https://www.forbes.com/sites/forbestechcouncil/2021/03/26/cyber-risk-cant-be-eliminated—but-it-can-be-mitigated/?sh=c4a632c6af1d
  4. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023#summary
  5. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2022/cyber-security-breaches-survey-2022
  6. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2022/cyber-security-breaches-survey-2022#overview
  7. https://www.securityweek.com/securing-smart-cities-ground/

This piece was written and provided by Si West, Director of Customer Engagement at Resilience Cyber Insurance Solutions
