Print Article

Are you ready for the inevitable cyber-attack?



  1. Cyber-attacks are becoming more prevalent and increasingly sophisticated, with corporates vulnerable to a wide range of attacks — from
    • Ransomware to business email compromises and,
    • In some cases, nation-state espionage.
  2. The pre-eminent threat lies in ransomware attacks, often carried out by organised criminal groups.
    • They gain access to your networks before stealing data and destroying any backups they can find.
    • They then ransom the stolen data, threatening to release or sell it unless their financial demands are met.
  3. Although the percentage of ransomware victims who pay is falling (down from nearly 80% in 2019 to around 30% today), the number of attacks has almost doubled to over 5,000 known victims.
  4. Ransomware groups took over £2 billion in 2023, doubling their 2022 takings.

Accept the risk.

  1. With this trend showing no sign of slowing, boards must come to terms with this risk.
  2. Cyber-attacks must take a prominent position on the risk register, and even if you take every step that you can think of or are advised to take, the best you can expect is to reduce the risk of an attack happening and lessen its impact when it does.
  • “The thing about cyber risk is that it’s always red. We’re getting to the point where it’s ‘death, taxes and cyber-attacks’. It’s inevitable.” ~ Yasmin Mangalji, General Counsel, Advanced []

3. It’s not a case of wondering what you would do if you’re the victim of a cyber-attack, but rather what you will do when it happens.

Who are you going to call?

  1. Preparation is unlikely to prevent an attack, but it will help when crisis strikes.
  2. Cyber incident response plans — which you can put to the test in simulation exercises — will ensure that senior leaders know their own responsibilities, as well as those of others, when the time comes.
  3. Knowing who to inform, who to consult, and who can make certain decisions will improve your response's speed and quality.
  4. Crucially, however, you need to understand these incident plans — especially if you’re not from a technical background. So, ask the right questions before the crisis and probe, test, and challenge the team until you get answers you understand. What are our key assets? Are we protecting our data, IP, and systems? What are the layers of protection that we have in place? Who gets alerted when there’s an attack, and in what order — and how can we contact them if our usual systems are down?
  • “If they can’t explain it to you, they probably don’t understand it themselves. And if it doesn’t make sense to you, it probably doesn’t make sense to anyone.” ~ Yasmin Mangalji, General Counsel, Advanced

5. This matters because your decisions in the early hours of an attack will determine the overall success of your response.

The first 72 hours

  1. The first 72 hours will be intense; it will be difficult to determine the extent of the attack and to form a holistic picture of how your systems have been affected.
  2. Your first move should, therefore, be to muster your team (internal and external) so you can understand exactly what’s happening and work out how best to stem the bleeding.
  3. There are some practical steps you can take, too. Making sure everyone is using clean devices is a priority early on.
  4. Often, senior leaders are targeted with malware that allows the attacker to monitor the organisation’s response or sabotage the recovery covertly.
  5. You should also disable as many systems as necessary to prevent the attack from spreading to unaffected areas of the business or third parties.
  6. Leaders should keep their cyber response plan somewhere safe to access it even if (or when) their organisation’s communications are taken down.

Don’t bottle it up

  1. Don’t fall into the trap of thinking that you can handle the incident independently, however sophisticated your systems or experienced your team.
  2. You can always go for expert independent advice you can call on at short notice and trust.
  3. During a cyber-attack, tensions often run high — people can quickly blame, and internal teams can (understandably) take a defensive stance.
  4. Bringing in an impartial third party without emotional attachment to the situation can help to diffuse these tensions and plot a route through the chaos.
  • “For the victims of a cyber-attack, it’ll be the worst day of their professional lives. But for independent experts, managing crises is what we do week in, week out.” ~ Daniel Caplin, Head of UK Cyber Incident Response, S-RM
  1. But don’t leave it until you’re under attack to mobilise your advisors — because it’s already too late by then.
  2. You can research your options and build relationships ahead of time.
  3. And if you have cyber insurance, it’s worth finding out what is (and isn’t) covered by your policy and which advisors they recommend or will allow you to work with.
  4. Regarding cyber, specialisation and speed of response count.

Be proactive.

  1. It’s impossible to discount the risk of cyber-attacks, so it’s incumbent on every board to ensure that their organisation is as prepared as possible.
  2. With the average cyber-attack costing businesses $1.7 million, to say nothing of the reputational damage and the 12-24 month distraction, boards can’t afford to pay close attention to their cyber preparedness.



The Team

Meet the team of industry experts behind Comsure

Find out more

Latest News

Keep up to date with the very latest news from Comsure

Find out more


View our latest imagery from our news and work

Find out more


Think we can help you and your business? Chat to us today

Get In Touch

News Disclaimer

As well as owning and publishing Comsure's copyrighted works, Comsure wishes to use the copyright-protected works of others. To do so, Comsure is applying for exemptions in the UK copyright law. There are certain very specific situations where Comsure is permitted to do so without seeking permission from the owner. These exemptions are in the copyright sections of the Copyright, Designs and Patents Act 1988 (as amended)[]. Many situations allow for Comsure to apply for exemptions. These include 1] Non-commercial research and private study, 2] Criticism, review and reporting of current events, 3] the copying of works in any medium as long as the use is to illustrate a point. 4] no posting is for commercial purposes [payment]. (for a full list of exemptions, please read here]. Concerning the exceptions, Comsure will acknowledge the work of the source author by providing a link to the source material. Comsure claims no ownership of non-Comsure content. The non-Comsure articles posted on the Comsure website are deemed important, relevant, and newsworthy to a Comsure audience (e.g. regulated financial services and professional firms [DNFSBs]). Comsure does not wish to take any credit for the publication, and the publication can be read in full in its original form if you click the articles link that always accompanies the news item. Also, Comsure does not seek any payment for highlighting these important articles. If you want any article removed, Comsure will automatically do so on a reasonable request if you email