Book A Demo Today

Cyber attacks / interruptions: preventative and reactive controls

Published on January 18, 2019

How confident are you that your business will continue to operate in the event of a cyber attack or interruption to your online data and services?
Do you know how quickly you could recover from such an incident?
Do you have a tested recovery plan in place?

Traditional IT Security measures alone are no longer sufficient to ensure business continuity. The combination of having Cyber Security controls in place to help prevent attacks and Business Continuity measures at hand to respond quickly when an incident occurs, is now recognised as the best Cyber Resilience approach for businesses.


The main causes of cyber attacks and cyber incidents are human error. Even with the correct security procedures in place, simple mistakes can lead to data being sent to an incorrect recipient, access to secure information being made public and devices such as laptops or storage being lost.

The other more direct causes of data breaches are through unlawful targeted hacking attacks and viruses aimed at stealing information, causing major disruption or for financial gain.


  • How often do these types of attacks happen?
  • I only have a small business, these surely won’t affect me?

Unfortunately, these types of attack are probably more common than you think and either directly or indirectly affect business of all sizes.

  • Do you rely on an online payment system to run your business?

Well, if that payment provider suffers an outage, then the knock-on effects can be serious and long-lasting for many businesses.

Reports show that 80% of companies have had a major IT incident / interruption in the last 2 years and 52% of businesses experience multiple backup (loss of data) failures every year.


Not only are the impacts of outages and interruptions to delivering products and services (sales) felt immediately at that time, but reputationally if these outages were preventable, then future sales are also at risk due to a loss of customer confidence in your services.

The cost of losing critical applications due to an incident has been estimated by experts to cost thousands of pounds per minute.

For companies who lose a significant amount of data, 60% of those will shut down within 6 months due to the knock-on effects.

Therefore, the importance of having business continuity measures in place to respond quickly when an incident occurs is invaluable.

Preventative and reactive controls

There are a number of preventative and reactive controls that can be utilised to minimise the disruption during a cyber incident and the overall financial impact to your organisation. These will form part of a complete Cyber Resilience approach for your organisation.

Cyber resilience refers to an organisation’s ability to continue operating during a disruption and its ability to restore its systems to an effective state within a pre-defined time.

Firstly you must understand what technologies, processes and controls you need - therefore you must analyse!

What’s the threat?

What is our vulnerability to the threat, if it was to manifest and what would the impact be to my organisation?

A comprehensive Cyber Resilience approach is made up equally of both parts Cyber Security and Business Resilience.

Cyber security comprises technologies, processes and controls that are designed to protect individuals and organisations from cyber crime and reduce the risk of cyber attacks.

Business resilience aims to help organisations limit the severity of any successful attack and ensure their survival.

With the successful implementation of a Business Continuity Management System you should be able to identify any risks associated with your information services, identify any vulnerabilities across your network, implement an incident response management programme and build in resilience via your risk reduction / mitigation measures.

The final stage is to achieve compliance to regulators standards such as ISO22301, GDPR and the NIS Directive to help meet your legal and regulatory cyber requirements.

So get going with your cyber impact analysis today!