It's 2am on Christmas Day. You are woken by a phone call informing you that a police raid in central London has uncovered documentation suggesting that your company has been targeted by a group with links to terrorist and state organisations. These groups are renowned for attacking commercial organisations. What would you do?
Sadly, in my experience this is when most companies realise they are ill-prepared to deal with a cyber-attack. I have seen companies struggle to come to terms with the loss of intellectual property (IP), funds, a fall in share value, and their reputation damaged by information that now finds itself on the web.
So how prepared are you to deal with a cyber-attack? Lets start by simplifying this subject. The risk around cyber is simply an issue of information security, the way a company values and protects the precious data it is entrusted with. Too often, information security is viewed as an impediment to a company's operations, and if it is too prohibitive, can indeed damage its effectiveness. It has to be proportionate. We can't remove risk, but we can manage it.