Most firms 'have no cyber-attack plans'


ONLY 11 per cent of businesses have action plans in place if they fall victim to a cyber-attack, a local insurance company has claimed after a virus crippled IT systems across the world.

Rossborough director Lee Refault said that while most companies had plans in place in case fire or theft disrupted their business, most firms were not prepared for the consequences if their business fell victim to a cyber-attack such as from the WannaCry virus.

And James Gillies, a consultant at tech firm Logicalis, has warned businesses that as people are viewed as the ‘weakest link’ in the security chain by cyber-criminals, they are being targeted through misleading emails and internet links.

Their comments come after the WannaCry virus infected hundreds of thousands of computers across the world at the weekend and caused the collapse of several NHS systems.

The ‘ransomware’ program, which locks computer systems and demands $300 [£230] in Bitcoin to be removed, is so far not believed to have had any impact in Jersey.

But Mr Refault said that a cyber-attack, such as from WannaCry, was ‘a strong possibility’ for most businesses.

‘Every business should also have a tested breach response plan in place for cyber-crime and data breaches,’ he said.

‘Recent studies show an attack on your computer systems or a breach of your cloud data is a strong possibility for many businesses. But although 67 per cent of firms have spent money on their cyber-security, only 20 per cent have had staff attend any form of cyber-security training in the previous 12 months and only 11 per cent have a cyber-security incident plan in place.’

Subscribe to our Newsletter

Subscribe to our mailing list

* indicates required

Comments for: "Most firms 'have no cyber-attack plans'"


the crackers (not hackers' which the media incorrectly call them), are just getting warmed up. They simply performed a litmus test with the recent ransomware hits. I wouldn't trust cloud with my CV, let alone the data which many firms store on the remote software. Theft of data in the physical terms, is normally carried out by people who have access to the building before, during and after work hours. I bet people still write their passwords on sticky notes or paper in or around their desks. Fire, that's obvious...have a disaster recovery system in place off-site. However, when it come to the crackers' cunning ways of infiltrating systems, it's very hard to prevent, notice, monitor and/or correct. It's a perfect cat and mouse strategy, and in some instances the crackers' are both.