Last year, the headlines were laden with cyber attacks and data breaches. In December alone we recorded more than 40 attacks with 33.8 million leaked records, not to mention the infamous global WannaCry ransomware attack in May 2017, which left a trail of devastation as organisations were locked out of their data, halting business operations until a ransom was paid.
These incidents demonstrate that it is essential to ensure that your business can respond to and recover from disruptions caused by common cyber attacks by implementing an effective business continuity management system (BCMS).
Benefits of a BCMS
A robust BCMS can help avoid the consequences that follow a data breach and enable your business to recover from interruptions swiftly. Alongside this, there are other significant benefits to implementing an effective BCMS, according to Ponemon Institute’s 2017 Cost of Data Breach Study: Impact of Business Continuity Management (BCM):
- Reducing the time to identify and contain a data breach
- Reducing the likelihood of a future data breach
- Reducing the overall cost incurred by a data breach
Upcoming UK legislation
The EU Directive on Security of Network and Information Systems (NIS Directive) will be transposed into UK law by May 2018. This Directive specifically targets operators of essential services (OESs) and digital service providers (DSPs) related to the nation’s critical infrastructure.
Those subject to the requirements of the Directive will not only be expected to adopt information security and risk management measures in order to comply, but also measures that minimise the impact of security incidents to ensure service continuity.
The General Data Protection Regulation (GDPR) is also on the horizon, with the same compliance deadline of May 2018. This Regulation affects any organisation collecting and processing EU residents’ personal data and requires effective incident response management.
A robust cyber resilience programme is a fundamental tool for compliance with the NIS Directive and the GDPR. A BCMS is a central element of cyber resilience and is vital to compliance.
Free green paper on implementing a BCMS
Cyber attacks are growing in scale and complexity. An effective BCMS is imperative to enhance an organisation’s cyber resilience and manage the potential fallout after a data breach.
Although implementing a BCMS may seem like a daunting task, IT Governance has produced an easy-to-follow nine-step process for doing so, based on the international standard for business continuity management, ISO 22301.