Businesses need to be more proactive against cyber attack threat

Simon Colvin and Stuart Davey, Partners at Pinsent Masons

The number of significant cyber attacks doubled in the last year despite the National Cyber Security Centre (NCSC) receiving the same number of calls for support - which highlights the need for greater vigilance in implementing security.

But the headline-grabbing attacks on the likes of Jaguar Land Rover, Marks and Spencer and Co-op underline how hackers are targeting significant national organisations and infrastructure in their attempts to penetrate cyber defences.

The NCSC report chimes with our experience of engaging with clients - the high profile cyber attacks this year have elevated cyber risk up the agenda of boardrooms. Whether those senior leaders choose to respond to this risk is a decision for those organisations.

However, reading the open letter from the Co-op's CEO, Shirine Khoury-Haq, must surely emphasise why taking this threat seriously is so important. Her warning that "nothing truly prepares you for the moment a real cyber event unfolds" comes as the NCSC issued its annual report, highlighting the increased risk to infrastructure and nationally significant organisations from cyber attack.

The NCSC revealed it had investigated 429 incidents in the year, but that 204 of those (48%) were classed as "nationally significant". Of those, 18 were in the top category of alert, up 50% on the previous year and a third consecutive year of increase in the category.

In his foreward, NCSC CEO, Richard Horne, said: "Nobody wants to believe their business could grind to a halt following a cyber attack. But any leader who fails to prepare for that scenario is jeopardising their business's future.

"Over the last year, cyber attacks on household brands have brought the NCSC's work to the forefront of public consciousness. Empty shelves and stalled production lines are a stark reminder that cyber attacks no longer just affect computers and data, but real business, real products, and real lives."

While the NCSC is launching a cyber security toolkit for businesses to help improve their resilience and preparation in case of a hack, the report also warns that companies in the UK have to do more to protect themselves from malicious attacks.

"While the cyber threat evolves, one thing remains constant; cyber criminals continue to exploit basic weaknesses in systems," the report warns.

"Despite this, many UK organisations still aren't guarding against even the most basic cyber threats. We need more organisations to take action now, to put in place the foundational cyber security controls that will raise both their resilience and that of the wider UK."

The NCSC urged businesses to make use of early warning feeds, have better contingency planning - and keep those plans available offline - and have insurance, which can be available free for smaller firms completing its cyber essentials training programme.

All too often we see vulnerabilities in the supply chain as the key entry point for the cyber attack. That may be a helpdesk or another service where the attacker can gain access to the main business systems.

So more than ever, it is essential for businesses to be looking at their supply chain arrangements and assessing any contractual gaps or operational vulnerabilities. The NSCS guidance underlines that need, so businesses need to act now.