At our cyber conference on 10 September 2024, we explored crucial lessons learned from major cyber breaches.

The session offered valuable insights for strengthening cyber resilience and improving response strategies. Our speakers and panellists offered some key takeaways:

Key takeaways

  1. Limit your data: Ensure that you are only retaining data that you require for your organisation, and for the minimum possible time (recognising any legal requirements for recordkeeping). The more data you hold, the greater the risk both of it being compromised and of you being found to have retained it in breach of your obligations.
  2. Map your data: Ensure you know what data you hold, and where it is held. In the event of a cyber incident / data breach, you will then be better placed to establish quickly if, and what, data has been compromised and who you need to notify.
  3. Prepare for the inevitable: Build your security environment and incident response plans on the basis that a cyber incident is inevitable. Compromises, in some form, are unavoidable so ensure that you are ready to respond promptly (e.g. by having template notifications and communications, and lists of emergency contacts, ready).
  4. Humans are your organisation’s weak point: The majority of cyber incidents / data breaches derive from human actions / errors. Incentivise and encourage employee participation in cyber security, and embed key messaging (e.g. do not use work email credentials for personal activities; do not rely on BCC when sending sensitive information to multiple recipients).
  5. Focus on key achievable security measures: Any ICO investigation following a cyber incident will consider whether the security measures in place at the time were appropriate. Focus on implementing the key measures the ICO will look for, e.g. whether MFA was enforced, data was encrypted where possible, and network segregation was in place.
  6. Instruct your expert advisers now: The initial hours following a cyber incident are vital. Have your team of IT and legal experts engaged and ready to assist in advance, so they know your business and are ready to act immediately without the delay and hassle of negotiating commercial terms.
  7. Legal privilege: Ensure that your cyber response IT / forensic investigation partners are instructed through your external legal counsel to increase the chances of legal privilege attaching to their work product, to protect it from disclosure in later litigation.
  8. Plan your decision-making: A response to a cyber incident will require constant, dynamic and difficult decision-making. Ensure that the structures and processes are in place in advance to enable decision-making to take place swiftly when under pressure, and be well documented.
  9. Preparation is not a one-off: Security requirements are constantly evolving in response to a constantly changing threat. Test your systems and disaster recovery plans regularly. Incident response plans and preventative measures should be assessed continually to check whether they are up to date, sufficient, or open to improvement.
  10. Don’t underestimate the human impact: Managing the response to a cyber incident will place extreme demands on people at all levels of your organisation. Put plans in place now to support those who will be most affected in leading and conducting your incident response.

At Burness Paull, we understand how challenging and disruptive data compromises can be to businesses and the consequences that can flow from them. Whatever the nature, size or stage of the issue, we can help clients to manage data breaches or cyber security attacks or better still, work with them on preventative strategies to mitigate the risk of them occurring.

To discuss any of the points raised in our conference, or any other queries, please get in touch with any members of our Cyber Security team. Our contact details, along with more details on our practice, can be found here.
