Cyber Security Business Continuity Planning

Tysers Insurance Brokers |


What is a Cyber Security Business Continuity Plan?

A cyber security business continuity plan is a form of Business Continuity planning. Business Continuity Planning is the process of creating a plan to identify major risks to a business which could cause significant disruption, preventing these where feasible, and planning to allow essential processes to continue wherever possible.

A business continuity plan should outline a range of risks including physical events (e.g. fire, flooding and natural disasters), supply chain disruption and cyber-attacks. Cyber risk is often overlooked and the potential impact of business disruption regularly underestimated.

A cyber security business continuity plan (sometimes known as an incident response plan) can help your business to identify a range of cyber risk and outline how to prevent or mitigate incidents where possible. It should also outline the actions that should be taken to minimise business disruption during a cyber emergency.

The benefits of an incident response plan or cybersecurity business continuity plan include; lessening business disruption by providing clear steps, actions and responsibilities, and an increased awareness of cyber risks across a business which can prevent incidents from occurring. By planning incident response ahead of time, a business can also ensure their response is compliant with regulators and GDPR.



What is Disaster Recovery Planning?

A Disaster Recovery plan is an essential part of Business Continuity planning and outlines the steps needed for a business to quickly resume work after a major incident. Whereas a Business Continuity Plan outlines how to ensure a business remains operational during an incident, a Disaster Recovery Plan focuses on the best strategies for recovery following a disaster.

For example in the case of a cyber attack, a Business Continuity plan may focus on ensuring essential computer systems remain usable and securing important data to allow employees to continue working. A Disaster Recovery plan may include instructions for recovering data or making a website accessible following a Distributed Denial of Service attack.



Cyber Business Continuity Planning

Business continuity and disaster recovery in cyber security should follow the same principles as any business continuity or disaster recovery plan, but with an awareness of the specific risks of a cyber attack or breach. Here are the steps you should take:

  1. Assemble your team

    The first step is deciding who to include in your team. This should include people from across the business, including your IT team and Senior Leadership. Each member should have clearly delegated roles and responsibilities, as this removes ambiguity and therefore downtime in a crisis.

  2. Conduct a cybersecurity risk assessment

    This is where you will outline all the possible risks to your business that relate to a cyber-attack or breach. It’s important to consider the impact that the different types of cyber-attacks could have, and the potential regulatory implications of a data breach. It’s also crucial to audit all parts of your supply chain for cyber risk, as a cyber breach from one of your suppliers or partners could put your business at risk and vice versa.

  3. Perform a Business Impact analysis

    Once you have identified all the major cyber risks to your business, you should perform a business impact analysis. This is an opportunity to identify each business impact that could be caused by the disruption of business functions and processes. This analysis will help you determine recovery strategies and which functions and processes should take priority – typically the ones with the highest operational and financial impacts.

  4. Test your systems

    Once plans are in place, it’s important to test your systems to determine if you need to adapt or review your current plans. This will allow you to refine your plans and systems before a cyber breach or attack occurs.

  5. Set up a continuous monitoring process

    Cyber criminals are using increasingly sophisticated methods to breach businesses’ cybersecurity. Processes that may have been completely adequate only a few years ago may now need to change. Continually monitoring your processes to determine any weak points, or improvements that can be made is one of the best ways you can protect your business from large amounts of downtime and business disruption.



What else do I need to consider to keep my business safe from cyber criminals?

cyber education and training

Education and training

According to research conducted by IBM 95% of cyber breaches were caused by human error. Therefore an important part of your Business Continuity planning should be regular employee cyber training to stay ahead of the increasingly sophisticated methods used by cyber criminals. Many comprehensive cyber insurance policies offer employee training as part of their cover to reduce the risk of claims caused by human error.

cybersecurity measures

Cybersecurity measures

Robust cybersecurity is essential to protect your business, and it’s important to invest in some cybersecurity measures regardless of your business size or industry. It is also a requirement of cyber insurance cover that the policyholder ensures there is adequate cybersecurity measures in place, otherwise if an incident occurs claims may be voided.

There are many measures a business can take to protect against cyber attacks including keeping antivirus software and firewalls up to date, using VPNs for encrypted data transfer and remote file access, enforcing secure password policies and multifactor authentication.

Penetration testing can also be a useful tool to help you stay ahead of cyber criminals.  By identifying vulnerabilities in your IT Infrastructure, you can fix any issues before a hacker gains access to your systems

Penetration testing can take the form of Black Box, White Box and Grey Box testing:

Black Box – a tester with no knowledge of the internal systems attempts to breach security, usually using a brute force attack and trial-and-error to find vulnerabilities in the system.

White Box – the tester has knowledge of the IT architecture and systems, and will use these to test and analyse any potential weaknesses.

Grey Box – the tester has some knowledge of the systems, and will use the limited information they have to find potential vulnerabilities or security holes.


cyber insurance

Cyber insurance

Even with robust cybersecurity and the best business continuity plans in place, a cyber breach or attack may still occur leaving your business liable to pay out-of-pocket for a range of costs and liabilities including data and system recovery, notification costs, reputational damage and even legal liabilities.

Both cyber liability and cyber crime insurance cover will help your business offset the costs of recovery after a cyber-related security breach, loss of data, a ransomware attack or a similar event. A comprehensive cyber insurance policy will provide financial compensation for the direct costs incurred, and any liabilities payable to third parties following a cyberattack, a data breach or loss of data.

Many insurers’ policies also offer significant additional value in terms of Cyber Breach Response Support which is an invaluable resource when dealing with cyber-attacks.

These services can include crisis containment, PR and reputation management and independent legal advice. Many policies also offer the services of forensic investigation consultants to identify the point of entry and extent of potential system damages, recover data wherever possible, and advise on how to improve vulnerabilities in your current cyber security framework.


Find out more about cyber insurance here

Latest News & Insights