Prepare now: threat of cyber attacks on companies is higher than ever - Scottish Business Resilience Centre

The threat of a cyber attack on companies small and large is higher than it has ever been, but the Scottish Business Resilience Centre is working on ways to combat the risk and help firms be proactive
Jude McCorry and Mike Smith at the SBRCJude McCorry and Mike Smith at the SBRC
Jude McCorry and Mike Smith at the SBRC

According to market research firm Ipsos, cyber attacks on UK businesses peaked at 46% during the Covid-19 pandemic.

Though the number has stabilised to around 39% of businesses reporting an attack over the past two years, that's still too high by any calculation, especially considering that only 19% of organisations have a formal incident response plan. And only a third have staff assigned to tackle an attack if it occurs.

These are worrying findings, given the cost of cyber security breaches for organisations in the UK. Statista found that while the average is £1,200, that rises to over £8,000 for medium and large businesses. These numbers don't consider the additional and longer-term costs, such as the impact on reputation or time spent managing the attack – all of which can quickly add up.

Be proactive in the face of a cyber attack and strengthen your digital securityBe proactive in the face of a cyber attack and strengthen your digital security
Be proactive in the face of a cyber attack and strengthen your digital security

Limit the effect of an attack

When a cyber attack happens, things often move quickly and snap decisions need to be made. Any hesitation or wrong choice, and there is a risk of irreparable harm to any organisation and its reputation.

One of the best ways an organisation can prepare for a cyber incident is by taking a proactive approach and implement a formal incident response plan.

In partnership with CyberScotland, the Scottish Business Resilience Centre (SBRC) has created a Cyber Incident Response Pack, which provides practical advice to businesses on handling a cyber-related incident. The easily digestible pack includes longer-length advisory pieces on reputation management and legal considerations, best suited for small and medium businesses or charities that don't have in-house incident response teams. It also contains checklists and editable documents which centralise the important contacts businesses must speak with when experiencing a cyber incident.

Jude McCorry, CEO of SBRC, said, "It's no longer an option to create an incident response plan and then leave it to gather dust; with the threat of a cyber attack higher than ever, businesses must be proactive when it comes to protecting themselves."

Of course, help is never far away if an organisation is the victim of cybercrime. At SBRC, we offer a free Cyber Incident Response helpline on 0800 1670 623. The Incident Response team will provide expert guidance to get you back to secure operations. Or, if you are concerned about your organisation's security in general, call our free helpline to confirm you have the right processes in place. Our Incident Response service, led by former Police Scotland Cyber Investigator Mike Smith, has supported over 140 public, private and third-sector organisations since it launched in 2020 in partnership with the Scottish Government and Police Scotland.

Testing your cyber limits

Strengthening digital security must include regular cyber exercising or testing an organisation's response to an attack. As any cyber security professional will admit, it's not a question of "if" an attack will occur but "when". No organisation is immune.

Exercise in a Box, developed by the National Cyber Security Centre and delivered by the Scottish Business Resilience Centre, is an ideal way for organisations to safely test defences in the face of an attack without putting any data at risk. These free, practical workshops simulate real-life scenarios, such as what to do in the case of a data leak, a ransomware attack or a digital supply chain attack.

Over the past two years, almost 2,000 individuals from over 550 Scottish organisations across the public, private, and third sectors have attended at least one workshop and safely tested their response to a cyber attack.

To learn more about SBRC and our services to improve Scottish organisations' cyber resilience, visit