When is a plan not a plan? When it is an out-of-date plan. The latest research from the industry-respected Ponemon Institute reveals that 26 per cent of IT and IT security professionals from UK companies have some sort of cyber resilience plan, but that 49 per cent of these have not reviewed or updated it since it was first put in place.
In a world where the sophistication and determination of malicious attackers are on the increase, this is concerning, because it effectively means that nearly half of those who have made a concerted attempt to develop cyber resilience are not actually maintaining these defences. So, when even those who have put in place a strategic plan are failing to update it, where does this leave UK organisations and businesses? Well, at the very least, it puts those with an up-to-date, regularly reviewed plan at a sound competitive advantage.
Research shows that a Business Continuity Management (BCM) plan, applied consistently across the entire enterprise with senior management’s support, makes a significant difference in the ability to achieve a high level of cyber resilience, thus protecting financial and reputational assets. Made up of the Business Continuity Plan (BCP), Disaster Recovery (DR) plan and Business Impact Assessment (BIA), the BCM process identifies risks, threats and vulnerabilities that could impact an entity’s continued operations in the face of potentially damaging attacks. An effective BCM plan provides a framework for building organisational resilience and the capability for an effective response; but it also goes further than that.
An overarching strategic plan also sets out how the individual BCM strategies will be delivered into the future. This includes the assigning of responsibilities, the establishment and implementation of BCM within the organisation and its ongoing management. Properly executed, this not only builds in a level of business resilience but also the capacity to continue to adapt quickly to disruptions, maintain continuous business operations and safeguard people, processes and technology into the future.
Planning is the key to an effective strategy, as is exercising the plan to ensure that it is effective and continues to support the business appropriately. It is worth considering bringing in professional expert support at this stage to assist in developing and maintaining an ongoing BCM plan that not only ticks the boxes but actually has a scheduled updating process, delivering optimum results in the event of a breach. Professional input is cost-effective in the context of restoring business function.