A single cyber incident can halt production lines, dent customer confidence, and wipe millions off a company’s share price – as Jaguar Land Rover (JLR) discovered after it was forced to shut down operations last week.
This incident is a stark reminder that cyberattacks are no longer rare, nor confined to small or poorly protected businesses and that even global brands with sophisticated IT systems can be brought to a standstill. For UK businesses, the question is no longer if a cyberattack will happen, but when.
There is though, much a business can do to prepare for a cyber-attack to both reduce the prospect of falling victim to an attack and to mitigate the loss they can cause.
Preparation: A Non-Negotiable First Step
Effective cyber resilience begins long before an attack occurs, and preparation can be key in mitigating the financial, technical or reputational damage. As such, many boards are now beginning to treat cybersecurity as a strategic priority, not a technical afterthought.
Effective preparation can encompass several aspects, and this can differ from business to business.
Often, this includes the creation of a clear, rehearsed incident response plan that identifies who does what in the first 72 hours and beyond, from isolating systems to briefing the regulator. The most effective plans are rehearsed by running crisis exercises and simulations so that staff know their roles, and leadership can practise decision-making under pressure.
Backing up your systems and testing that systems can be restored quickly if compromised is also critical, with the JLR incident showing just how much damage a full shutdown of operations can cause.
Staff can also be more effectively trained to spot phishing attempts, unusual device activity and other red flags which may indicate an attempted breach of a company’s systems. Staff should also be made aware of the importance of ensuring that they install the updates that are rolled out by their IT team.
Cyber insurance is also key. There are many specialist brokers than can assist in tailoring a policy to the risks faced by the company. The process of obtaining the insurance often highlights issues with the company’s existing security and should provide essential support in the event of an attack.
Without such planning and preparation, a business will become more vulnerable to an attack and struggle to respond effectively when the pressure begins to increase.
The First 72 Hours
If – despite your preparations – you fall victim to an attack, the first 72 hours are critical. This is where your planning pays off.
Where personal data may be at risk, the Information Commissioner’s Office will need to be informed within 72 hours, and you may also need to notify your customers and suppliers of the risk. A PR team with expertise in crisis communications can be an important ally to avoid lasting reputational damage to the business.
Engaging law enforcement at the earliest opportunity, is also advised. Reporting the incident to the police and Action Fraud creates a record that can support with recovery and wider investigations. Notifying your insurers as soon as possible so you get support from specialist ‘breach response’ advisers, including lawyers and computer forensic specialists, can avoid a misstep during a chaotic and stressful time.
A computer forensics team can move quickly to quarantine the effected systems and help you recover operations quickly whilst also preserving evidence. A breach response lawyer will ensure you comply with your regulatory obligations and assist you in formulating a strategy to minimise the claims from suppliers and customers that can often follow.
The Ransom Question
One of the hardest decisions for businesses who fall victim to a ransomware attack is whether to pay a ransom – where one is demanded. While the National Crime Agency strongly advises against this, as there is no guarantee of restoration, and payment encourages further crime, many organisations faced with operational paralysis may consider it a last resort.
Such ransom payments are often demanded in crypto, and their payment can be covered by insurance, so it is important for businesses to check their policies to see whether this forms part of their cover. It may also be possible to recover the ransom even after it has been paid. Specialist lawyers in crypto recovery can advise whether this is a possibility.
Lessons from JLR
The lesson from the JLR incident is simple: cybersecurity is no longer just an IT problem – it is a boardroom issue.
Boards must demand robust planning, allocate resources, and ensure rehearsals are carried out. Only then can a business minimise financial and reputational damage when an attack occurs.
Dominic Holden is Director at Lawrence Stephens
