Can Your Business Survive A Cyber Attack?

October is Cybersecurity Awareness Month, an ideal time to examine your organization’s readiness in responding to an imminent cyber attack.

According to Ponemon Institute and IBM Security’s 2022 Cost of a Data Breach report, a cyber attack could cost a company an average of $9.44 million. This accounts for financial damage from theft of information, disruption of functions, ransomware demands, destruction of hardware and software, and corruption of data. The cost does not factor in missed opportunities or the reputational damage to the company’s brand, one of its greatest assets, from the loss of customer trust that can occur with cyber incidents.

Taking stock of the latest report by Deloitte’s Center for Board Effectiveness (DCBE), this article summarizes the board’s recommendations for integrating business and cybersecurity, improving risk management and governance, and updating incident management processes for businesses to build resilience amidst an evolving cyber threat landscape.


Integrating Business And Cybersecurity

The mindset shouldn’t be that “the IT people” are solely responsible for cybersecurity. The National Association of Corporate Directors (NACD) suggests that leaders approach cybersecurity as the organization-wide issue that it is. Consider these cybersecurity principles to improve management oversight of cyber risk:

  1. Approach cybersecurity as a risk management issue for the entire enterprise and not just a technology or IT issue. Cybersecurity may have begun as primarily a technology-centric risk, but it has evolved to become a multifaceted business issue. The ability to manage cyber risk is integral to every aspect of business operations.
  2. Understand the legal aspects of cyber risks that are relevant to the company’s own facts and circumstances. In addition to the business impacts of a breach, companies and directors may also face legal consequences that boards should consider as they set strategy and define risk appetite.
  3. Access cybersecurity expertise, from both internal and external sources, and discuss cyber risk management regularly in board meetings. Cyber risks should be communicated to the board frequently, with adequate discussion about the company’s threat landscape and risk mitigation strategies.
  4. Establish an enterprise-wide risk management framework that is adequately resourced. Confirm that the framework is implemented across the organization at all levels and that it has adequate staffing and budget.
  5. Discuss identified risks with management, including risk prioritization, appetite, and mitigation strategies. This discussion may include a review of options to transfer risks that cannot be practically mitigated using cyber risk insurance.


Improving Risk Management And Governance

Establish an effective alignment between risk management and the internal governance structure to address cybersecurity on an organization-wide basis. This includes defining clear ownership, authority and key performance indicators (KPIs) among all internal stakeholders for critical risk management and reporting responsibilities. 

Consider these strategies for integrating cybersecurity practices into how the business operates and makes decisions —

  1. Review the organizational structure to ensure that the cybersecurity function is adequately represented across the business, internal groups and leadership.
  2. Understand the basis for, and challenge the assignment of, important roles and lines of accountability for cybersecurity strategy, policy and execution.
  3. Set expectations that cybersecurity and cyber-risk functions are to receive adequate staffing and funding and monitor the efficacy of these determinations.
  4. Inspire a cybersecurity culture and encourage collaboration between the cybersecurity function and all stakeholders relating to, and accountable for, cyber risk at various levels (e.g. compliance, privacy etc.).
  5. Ensure an accountable officer has authority and responsibility to coordinate cyber-risk strategy throughout the organization and that the organization has a comprehensive plan for data governance.


Updating Incident Management Processes

Cybersecurity response strategies should include answers to questions such as: What happens in the event of a ransomware attack? How do we respond and communicate the incident? In addition to these, some newer questions may spark discussion on emerging issues. Such questions might include:

  1. What is the company’s approach to access management throughout the business? Who is responsible for determining access in each of the company’s functional areas? Which function is requesting and granting the highest number of exceptions?
  2. What is the approach to incident response in the event of a ransomware attack? What is the recovery time for the company’s most important business operations? How has the company prioritized business operations based on possible impact? Has the response plan been practiced throughout the company up to the C-suite level?
  3. When was the most recent cyber risk assessment performed, and what has changed since that time?
  4. To what extent has the risk assessment considered risks related to operational technology, not just information technology?
  5. What is the cyber assessment process for mergers and acquisitions? How has the company considered cyber risk with respect to integrating an acquired business?


Investing Is The Key To Survival

A cyber attack is a clear and present danger to any organization regardless of its size. Use this guidance to assess your level of preparedness and resilience should one occur.
