The UK Government’s Cyber Security Breaches Survey 2024 reveals alarming trends: half of all businesses and a third of charities experienced a cyberattack in the past year. The risks are even more pronounced for medium-sized businesses, where 70 per cent faced attacks, and for large organisations, where the figure rises to 74 per cent.

Small businesses, however, are particularly vulnerable - not just in frequency but in impact. For companies with fewer than 50 employees, a single cyberattack can cost an average of £20,000 to resolve. The long-term repercussions are stark: 60 per cent of small businesses fail within six months of experiencing a cyber incident.

In accountancy, frameworks like FCA regulations or MiFID II provide clear rules to safeguard financial operations, protecting both businesses and their customers from the risks of day-to-day operations. Cybersecurity, however, doesn’t yet have a universal, comprehensive set of standards. This is despite cyberattacks posing equally serious threats, jeopardising not only a company’s ability to operate but also the security of sensitive data - and, ultimately, the organisation’s survival.

Ben Moorhouse is head of sales at Claritas Solutions.

The most common form of attack is phishing, which affects 84 per cent of businesses. Unlike a physical disaster, which occurs at a clear point in time, a cyberattack can remain hidden in a system for weeks or even months. This makes determining the best point of recovery challenging. Today’s sophisticated malware can lie dormant, waiting to activate at a later date. Worse still, it can be reintroduced through backups, causing chaos and financial losses all over again.

This is where Cyber Recovery (CR) differs from traditional Disaster Recovery. While physical disasters have clear recovery points, cyber incidents require a more cautious approach. Businesses need to validate that their data is free from hidden threats before restoring it. One key element in CR planning is immutable backups, which cannot be altered or deleted, even by administrators. These are critical in ensuring that backup data remains untouched by potential attackers.

Another essential aspect of CR is threat hunting - actively searching for signs of cyberattacks in both backups and restored systems. This helps identify the scope of an attack and mitigates any further risks. Including proactive threat hunting in your CR plan can make all the difference in containing damage and preventing future incidents.

At Claritas, we always emphasise that while disaster recovery plans are crucial for any business, prevention is even more important. Taking the time to assess risks and implement strong security measures should be a top priority—long before an attack occurs. Think of it like installing strong locks on your doors before a break-in happens; being proactive about cyber threats is the best way to protect your business and its future.

As businesses continue to evolve their disaster recovery strategies, it's crucial to ensure that cyber risks are high on the list of priorities. Planning will help minimise the impact of any incident and keep your business and your customers safe.