Companies Advised to Prepare Contingency Plans for Cyber-Attacks

In light of increasing cyber threats, companies are being urged to implement contingency plans to safeguard their operations. The UK government’s recent advisory highlights the necessity for executives to prepare for potential disruptions by maintaining physical documents of essential operational plans.
Importance of Contingency Plans against Cyber-Attacks
The advisory follows a rise in cyber incidents that have significantly impacted notable businesses. The National Cyber-Security Centre (NCSC) indicates that the frequency and severity of attacks have escalated this year. Companies like Marks and Spencer, The Co-op, and Jaguar Land Rover experienced substantial outages due to these cyber threats, leading to empty shelves and halted production lines.
Escalating Threat Landscape
- The NCSC reported 429 cyber-attacks in the first nine months of this year.
- Nearly half of these incidents, approximately 204, were categorized as “nationally significant.”
- Last year, only 89 incidents were classified under this category.
Richard Horne, the NCSC’s chief executive, emphasized the critical need for organizations to devise operational strategies that allow them to function without IT systems. He encourages businesses to adopt a framework termed “resilience engineering,” which is designed to prepare for, absorb, and recover from cyber events.
Understanding Incident Categories
Cyber incidents are classified based on their severity, ranging from localised incidents to national cyber-emergencies. The current year saw a 50% increase in “highly significant” incidents, with 18 classified as such. This trend marks the third consecutive year of rising numbers of severe attacks.
Incident Category | Description |
---|---|
Category 1 | National cyber-emergency |
Category 2 | Highly significant incident |
Category 3 | Significant incident |
Category 4 | Substantial incident |
Category 5 | Moderate incident |
Category 6 | Localised incident |
Many attacks are financially motivated, often involving ransomware or data extortion. While most cybercriminal organizations are based in Russia or former Soviet states, there is a growing number of teenage hacker groups emerging from English-speaking countries. So far this year, UK authorities have arrested seven teenagers linked to significant cyber-attacks.
Utilizing NCSC Resources
In addition to the advice on preparedness, the government encourages companies to utilize free resources provided by the NCSC. One such resource includes complimentary cyber-insurance for small businesses that have completed the Cyber-Essentials program.
By taking proactive measures, organizations can enhance their resilience against cyber-attacks and ensure they are better equipped to handle potential disruptions in the future.