Time to integrate Cyber security into Business Continuity framework?

Businesses today are confronted by a wide range of cyber-attacks. Cyber threats have risen up the agenda for businesses in the past couple of years. Data breaches have consistently been ranked as the top threats according to the Business Continuity Institute (BCI) Horizon Scan Report for the last three years [Source Ref. 1]. This is likely to remain the case moving forward, given the development of technologies and the exponential growth of business data, which may also provide new opportunities for hackers to cause such massive disruptions.

The entire world was astonished by the news headlines on May 15, 2017, of a global cyber attack launched by a group of hackers from North Korea affecting over 200,000 computers across 150 nations. Recent ransomware attacks targeted computers and digital networks operating in Russia, China, Japan, UK, France, US and Asia and affected banks, educational institutions, airlines, and some military networks.

While it is not possible to be 100% secure from a cyber-attack, there are a number of measures companies can take to reduce the risk of it happening – and to help ensure they minimise the consequences and recover more quickly should a breach occur. Cyber security and business continuity, once considered two separate entities altogether, should now ideally work together to minimise costs, protect data, and streamline a timely and effective response to any attacks or data breaches.

A cyber-attack is just another possible scenario in the long list of incidents that organisations should be prepared to counter. Though the IT team will primarily manage the technical response, there are huge issues to manage which deal with basic reputation management. In both cases, all the usual facets of incident management are used, including internal and external communications, informing customers, dealing with the mainstream media and social media, and managing the issues to get back to business as normal.

With the number and severity of cyber attacks growing exponentially, it is essential to establish clear links between the cyber security and business continuity efforts of the organisation. A cyber attack can bring down an organisation’s infrastructure for an unlimited length of time and cause financial impact, which means it has a similar impact to commonly considered business continuity threats like fire, flood, and terrorist attack. Hence, there are good reasons (listed below) for bringing Cyber Security and Business Continuity under one umbrella.

• Both have the common objective of protecting an enterprise from various dimensions of threat and reducing the overall impact on the enterprise.
• Both require management commitment to demonstrate protective governance.
• Both require suitable plans and responses to contain the threats.
• Reputation management remains a key driver in pushing the cyber resilience agenda.
• Legislative & regulatory changes that are expected to drive cyber resilience will heavily influence efforts in that area.

The European Commission is looking very closely at the need for companies to report instances of cyber breaches. Having to report instances of cyber security issues makes the organisation very vulnerable to reputational damage. This is a critical risk for many companies, particularly in the financial services sector. (Ref: Lloyd’s Cyber risk report issued in June 2017).

In view of the above, Fifth Step believes that organisations can better align their business continuity framework to achieve cyber resilience and increase the effectiveness of their response structure to strengthen organisational recovery.

To find out how Fifth Step can help you, please visit www.fifthstep.com

Source Ref 1: http://www.thebci.org/index.php/download-the-horizon-scan-2017

Mrudula Sakpal