Nearly a quarter of South West SMEs believe it is just a matter of time before they have a cyber-attack or data breach but admit that dealing with cyber-security isn’t a priority.
These were the worrying findings of a survey conducted by Bluegrass IT and revealed at their excellent 2019 South West Cyber Security Conference.
A ransomware attack could shut your IT system down in minutes claimed Tim Jeffcoat from business continuity and disaster recovery specialists datto.co.uk, who have calculated that the average cost of IT downtime to an SME in the UK is a painful £7,000 per hour.
As well as advice on how to prevent an attack, delegates were instructed on ‘How to respond in the event of a data breach’ by Bluegrass Group MD David Thomas and solicitor Tom Chartres-Moore from Stephens Scown. Both have dealt with a number of data breaches with Tom disclosing that he had dealt with over 180 since the new GDPR regulations had come into action.
They recommend carrying 3 emergency telephone numbers – written in a diary as well as contacts on a mobile phone. They are:
- your IT support company
- your solicitor
- your insurance company.
I’d like to add a 4th emergency service – a professional strategic communications company, a public relations consultant or an internal head of communications. Good communications, internally and externally, are essential in the event of a cyber security breach.
Having a cohesive communications plan in place to be used in the event of any kind of crisis is critical. Clear and consistent messages for staff, customers, stakeholders, suppliers or partners will need to be delivered with a matter of urgency if a data breach or cyber-attack has occurred and you might not be able to rely on email or databases held on your IT system.
In a recent survey published in the Sunday Times, reputational damage was the second most concerning consequence for business executives following a cyber-attack and 75% of consumers claim they would not buy from a company, no matter how good it was, if it was perceived that they weren’t protecting their data according to a IBM Harris survey.
To mitigate the consequences of a cyber-attack, KOR works with clients create a ‘fire policy’ – a document that can be held by key members of the team with clear instructions and contact details of what to do and what to say if the worst happens. We also take into account how best to deal with media interest in your bad news.
Although the media spotlight may only focus on your business for a short space of time, the fallout could potentially last for years.
Prepare for the worst and hope for the best.