Cyber resilience – Prepare, Prevent, Respond and Recover

Tuesday, December 20th, 2022

Five steps to cyber resilience

Cyber security is being tested like never before as the frequency, sophistication and destructive impact of cyber-attacks increase globally. With attacks on the rise, successful breaches can cause losses ranging from reputational damage to financial ruin. As a result, businesses across every sector seek innovative solutions to protect their IT systems.

There’s no silver bullet for fighting continually evolving threats, but becoming more cyber resilient may well be the difference between a blip and a catastrophe.

 

What is cyber resilience?

 Cyber resilience is your organisation’s ability to continue business operations despite a cybersecurity or data loss incident.

Think of it as digital fitness. It’s about being in tip-top condition to roll with the punches and respond to threats no matter where they’re coming from.

 

Cyber resilience: The benefits

Cyber resilience provides the following benefits to your business:

  • Reduces your business’s financial losses by providing overall security and resilience to your IT systems
  • Improves the processes of your IT systems by ensuring users only have the access they need to perform their duties and nothing more
  • Protects your brand reputation by enabling you to efficiently manage cyber risks
  • Offers continuity to your business operations in case of an attack or security breach

 

How does Cyber Security differ from Cyber Resilience?

The main difference between cybersecurity and cyber resilience lies in their intended outcomes.

  • Cybersecurity: Consists of IT processes and measures designed to protect systems, networks, and sensitive data from cybercrime. Effective cybersecurity reduces the risk of cyberattacks and protects your business from deliberate exploitation of your IT systems.
  • Cyber resilience: Has a broader scope, covering both cybersecurity and business resilience. It accepts that attackers may have the advantage of innovative tools and the element of surprise. This concept helps your business prepare for, prevent, respond to, and successfully recover from an attack, returning to your pre-attack operations.

 

Science parks and cyber resilience – A case study

The risks for science parks

Science parks, by nature, have a set of unique risks that can be exploited through cyber-attacks. This is due to their onsite knowledge, intellectual property (IP) and personal information, which are catalysts for attacks.

Often, cyber resilience is not at the forefront of the tenant’s mind; the mission statement is. As a result, today’s science parks are continually under threat from nation-states, activists, corporate espionage, terrorism, and organised crime.

Typically, the costs associated with a cyber-attack can be categorised as obvious and hidden. The obvious or common costs of a cyber-attack or data breach include technical investigation, remedial action, customer notification, public relations, and any litigation resulting from the incident.

The hidden or less visible costs associated with an incident include operational disruption, loss of IP, increased insurance premiums, regulatory compliance penalties, a drop in share price, and lost customers.

 

[Figure: Obvious and hidden costs associated with a cyber-attack]

 

The consequences of lost intellectual property (IP)

The loss of intellectual property such as patents, designs, copyright, trademarks, and trade secrets can cause a loss of competitive advantage, lost revenue and long-term, sometimes terminal, financial damage. In 2019, Craig German pleaded guilty to stealing trade secrets from an aircraft company where he worked to help a competitor develop their own anti-ice aircraft technology. German copied numerous confidential documents from the aircraft company onto a portable storage device, and then emailed those documents to a co-conspirator. German was sentenced to 6 years in prison for conspiracy to steal trade secrets. [1]

In the life sciences sector, clinical trial data is one of the most important types of intellectual property. This data is central to bringing new drugs to market. Now, imagine the implications of this data being stolen or compromised because of a cyber-attack. The costs of having to repeat a clinical trial plus the potential lost revenue due to production delays would be astronomical. [2] In fact, the costs of a delayed clinical trial can range from hundreds of thousands to millions of pounds per day. The average cost of a data breach in the pharmaceutical industry is £4.1 million. [3]

 

Cyber resilience and science parks – The strategy

 As our workplaces have changed, so has the cyber-threat landscape. The acceleration of the remote workforce means that business continuity must adapt to protect the post-pandemic way of working.

We recommend completing a Business Impact Analysis (BIA) to understand how cyber resilience applies to your business.

A BIA will measure your systems against criteria deemed critical to your business. It determines how disruptions may impact your business, processes, and activities. Crucially, it will inform your business continuity planning and recovery decisions.

Becoming cyber resilient requires your IT team or managed services provider to work harmoniously to enforce tighter security. Your team must diligently monitor your network for any signs of a developing threat and take the necessary steps to minimise its impact.

Furthermore, your IT team will need to protect all your endpoint devices – which is essential with the rise in remote working. Likewise, you must identify and protect your business-critical data and have robust backup and recovery plans. We also recommend rehearsing your cyber incident response to ensure your IT team knows what to do during an attack.

 

Cyber resilience and science parks – The rewards

A sound cyber resilience strategy will help ensure your business can continue operating during an attack, albeit at a reduced capacity. Being cyber resilient may be the difference between a crippling outage that persists for months and a mildly inconvenient incident that lasts for a few hours.

To learn more about the business benefits of cyber resilience, contact our Chief Information Security Officer (CISO), Geraint Williams, for a consultation.

Sources:

  1. Justice.gov
  2. Deloitte.com
  3. Pharmexec.com