LP Magazine EU


WEB AND MOBILE FRAUD

New guidance to help businesses deal with cyber attacks

Revised guidance designed to help organisations safeguard and maintain business continuity during and after periods of disruption caused by disasters, cyber attacks or other incidents has been published by the British Standards Institution (BSI).

The ‘Cyber Security: Information and Communication Technology Readiness for Business Continuity (BS ISO/IEC 27031:2025)’* offers a systematic approach to prevent, predict and manage ICT disruptions, thereby ensuring that organisations can safeguard critical operations.

Cyber security breaches pose a significant threat, with 50 per cent of businesses and 32 per cent of charities reporting a cyber security breach or attack in the last 12 months alone. The attacks cost each business (of any size) an average of approximately £1,205. For medium and large businesses, the monetary amount grows to £10,830.

In April, retailers including Marks and Spencer, Co-op, and Harrods were severely disrupted by ransomware attacks on their business, with functions still offline up to a month later.

Updated for the first time since 2011, the guidance now takes into account the increased dominance of cloud ICT services and the growing sophistication of cyber criminals, who are no longer solely targeting Critical National Infrastructure such as hospitals and power grids, but also commercial companies through tactics including social engineering.

David Cuckow, director of digital at the BSI, said: “We are seeing cyber criminals operate increasingly complex attacks on businesses with enormous consequences for the global economy. When an organisation is blindsided with digital disruption, it’s crucial that it has the right planning in place to protect its people, information, systems and technology.”

Cuckow continued: “The newly revised standard aims to offer best practice guidance for organisations to systematically plan, prepare and manage their ICT resources to ensure the continuity of critical business processes in the face of disruptions. It’s intended to embed digital trust into organisations of all sizes, assuring that they can maintain uninterrupted business operations during disruptions and reduce recovery time and data loss after incidents occur.”

The revision is designed to enhance co-ordination, prevent the duplication of effort and integrate ICT resilience into broader security and business continuity strategies, while in parallel extending information security incident management practices into ICT readiness planning and training and making it a Board-level priority and capability.

The guidance also builds stakeholder trust, reinforces leadership accountability and supports long-term business sustainability.

Notable updates since the 2011 version include updated methodologies for risk management, incident response and continuity strategy implementation.

*Copies of ‘Cyber Security: Information and Communication Technology Readiness for Business Continuity (BS ISO/IEC 27031:2025)’ are available online.
