By Phil Chapman, Head of Cybersecurity Curriculum and Senior Instructor
2026 is likely to be another busy year for those of us employed in protecting businesses from cybersecurity attacks.

Current trends indicate that the usual threat actors will continue to operate in order to achieve their motivated intents and that advancement and reliance on new and emerging technologies will continue to play its part.
2025 saw some major cybersecurity incidents hit the headlines and although we cannot undo the impact that these attacks had – we can learn from these incidents and inform the cybersecurity community on what actions we should all be taking to prevent and protect ourselves and our businesses. The key to success starts with preparation.
It is true to say that when we consider the risk of a cyber incident on our networks – it is a matter of when rather than if it will happen and so planning for the eventuality will be a key consideration for organisations both now and in the near future.
Planning starts with understanding the risks and what constitutes a cyber risk. Understanding the threat actors at play and the vulnerabilities that they seek out is important – but the risk assessment should begin with identifying assets. Once this inventory is complete, it is essential to prioritise the assets and assess the impact on the business should one or more of them be taken offline or compromised. This is your business impact assessment (BIA).
Planning leads to policy writing and organisations should ensure that they have the following policies and procedures to hand at a bare minimum.
- Cybersecurity Policy. What are the risks? What assets need to be protected and why? What laws, regulations or standards do you need to comply with?
- Business Continuity and Disaster Recovery (BCDR) Policy. A plan that identifies the assets that need to be protected and the controls in place to provide resilience and redundancy to systems. This also includes the people in the team, and should cover backup plans and procedures and any failover systems you have in place to counter the impact of an attack.
- Incident Response Policy. This plan may dovetail with the BCDR policy, as the two are closely aligned. It will include the members of staff who would need to be involved in an incident, a communications policy and a legal/HR/PR plan of action. You will also need to understand what your obligations are for reporting.
- Acceptable Usage Policy (AUP). Users must know what they can and can’t do with company equipment and software – and be informed of the reasons why. This is important for both fixed and mobile assets.
- User Training and Awareness Policy. Regardless of the size of your business, get training advice and guidance on how to identify and report cyber incidents and how to keep abreast of new threats and areas of responsibility. Implement an awareness campaign.
It sounds like a lot to take on.
Help is at hand from some great resources and guidance that are freely available to all businesses within the UK, in particular from the National Cyber Security Centre (NCSC), Information Assurance for SMEs (IASME) and the Information Commissioner’s Office (ICO).
The NCSC provides a self-help guide for businesses of all sizes to create a tailored plan of action, and has various resources that will assist in preparing and drafting the policies above. The ICO provides help and guidance on GDPR and data protection.
You may also consider achieving an accreditation such as Cyber Essentials or Cyber Essentials Plus, which are hosted by IASME.
All of these resources are in place to help plan and prepare organisations for cyber-attacks.
In addition, reach out to your regional Police Cyber Crime Protect Unit or Resilience Centre as they will also be able to provide you with great advice and guidance and can help with additional support, such as user awareness training.
It may also be beneficial to receive training to gain the knowledge and skills required to protect your business and inform others.
Links and useful courses include:
- Cyber Essentials: https://getreadyforcyberessentials.iasme.co.uk
- NCSC – Advice, Cyber Action Toolkit, Small Business Guide, Cyber Assessment Framework
- NCSC – Awareness Training
- ICO: https://ico.org.uk/for-organisations
Training courses:
- BCS Certificate in Information Security Management Principles (CISMP)
- ISC2 Certified in Cybersecurity (CC)
- CertNexus CyberSafe
- CompTIA Security+