13 September 2017

  |  CBI Updates Team

News

#CBICyber breakout session review: How should an enterprise prepare for a cyber-attack?

With over half of businesses encountering a breach last year, preparing for a cyber attack is a crucial part of any company’s strategy.

#CBICyber breakout session review: How should an enterprise prepare for a cyber-attack?

How can a business prepare for a cyber-attack?

With over half of businesses encountering a breach last year, preparing for a cyber attack is a crucial part of any company’s strategy.

At the CBI cyber conference, Dr Walter Bohmayr (CISSP), Senior Partner & Managing Director, BCG talked delegates through a simulated cyber- attack based closely on real life examples.

The scenario: A fictional multinational company, ACME, with thousands of employees on the verge of a massive product launch is hit by a serious malware attack. Multiple systems are affected, communication channels go down and sensitive data and intellectual property are at risk. The hackers are demanding £5m in a ransom payment to get the data back.

What do you say to your customers, employees and shareholders?

Discussion in the room focused on the need for businesses to be consistent in the information they provide to their staff, customers and the press. Businesses affected by cyber breaches need to be empathetic in their responses to stakeholders and be clear on the steps they are taking to protect their customers. Above all, the board needs to be sharing reliable information and communicating regularly.

What should ACME have done in the run-up to the attack?

Participants talked about the need for accountability at the board level, before, during and after an attack. Engaging cyber training is a must – on average 10% of employees fail a phishing attack. Finally, the technology underpinning many businesses systems needs to be viewed as an investment in customers and shareholders.

The latest evidence suggests that only 1 in 10 businesses in the UK have a formal incidence response plan. The takeaway was clear – companies must be talking about cyber at the board level and start preparing now. 

Thanks to our partner BCG for facilitating the breakout session. Join the live conversation on #CBICyber