About the Author
Andrew Beale OBE

Her Majesty Queen Elizabeth II awarded Andrew with an OBE for his "services to intellectual property and business".

Previously a Consultant with the United Nations' World Intellectual Property Organization (Geneva), Andrew has served as Acting Head of the (now) Hillary Rodham Clinton School of Law, an Associate Professor in Intellectual Property Law and Director of IP Wales (an award-winning £4m initiative helping SMEs to risk manage their intellectual assets).


Protecting your business will eradicate the threat from all but the most determined cybercriminal. Nevertheless, even if your cybersecurity is up to the Cyber Essentials standard, the expectation is that one in five cyberattacks is still likely to penetrate your defences.


Planning for the likelihood of a cybersecurity breach requires advance preparation and a comprehensive review of the state of readiness of your business, i.e. a well-tested plan of what to do if and when your cyber protection measures fail. Be mindful, however, that each incident will necessitate a proportionate response: overreacting can be detrimental.


Different skill sets will be needed (Management, IT, Legal, PR, HR etc.) which necessitates a team approach in order to:


  • Verify a breach and work to contain and then eradicate it

  • Confirm the extent of the breach and the data/services which have been affected

  • Identify the risks arising to the business and others from the breach

  • When safe to do so, implement any recovery of data via back-up files and recover any systems and connectivity.

It is the responsibility of the SME Board to establish an incident response and data recovery capability for the business. This will define the required roles and responsibilities, with management needing to appoint and empower specific employees and/or an outsourced specialist incident management company to fulfil them. Given the immediate nature of cyberattacks, a 24-hour resource capability will be required. We have already seen that system monitoring by IT-qualified staff plays an important part in protecting the business (providing a capability to detect that the business is or has been under cyberattack), and good monitoring remains essential in responding effectively to cyberattacks.


Once it is deemed safe to do so, IT will need to recover recently archived data for operational use. Legal will need to determine what information needs to be shared and with whom. Relevant parties who may need to be informed include the Police/Action Fraud; Banks/Credit Card Companies; Regulators (noting the 72-hour reporting deadline under the new EU General Data Protection Regulation 2018)/Insurers (SRA in the case of Solicitors); and potentially 'Data Subjects'. Any litigation risk will also need to be assessed. Media dialogue will need to be co-ordinated through one PR person/team operating under legal advice. Once matters have been addressed, the incident response team will need to conduct a structured review and lessons-learned exercise, and HR will need to consider any need for employee disciplinary action.


Building effective IP cybersecurity resilience for your business will probably require the selection and management of external suppliers beyond just malware protection. External support for a cybersecurity incident response, as well as STAR (Simulated Targeted Attack & Response) penetration testing, can be provided by UK approved member firms of CREST (visit www.crest-approved.org).

It is important to emphasise that this planning needs to be initiated by the SME Board in advance of any cyberattack. Being proactive rather than reactive will inspire far greater confidence in the response and is a great way to limit the damage, with some businesses reported as having implemented deception technologies as part of their planning (e.g. creating a shadow network to divert and mislead the malicious intruder).