Organisations need to face up to the inevitability of a cyber-attack and focus on ensuring they can respond – road-mapping how an incident might play out is essential

Part of becoming a truly resilient organisation is being able to respond to a cyber-attack. According to the UK government’s Cyber Security Breaches Survey 2025, 43 per cent of businesses have been caught up in a cyber-incident in the past 12 months, and this rises to 67 per cent for medium-sized firms and 74 per cent for larger organisations, so for most businesses it’s a question of when rather than if they are affected.
Professor Buck Rogers is a strategic cyber-security and cyber-risk advisor at Rohkeus Cyber and previously held positions as global head of cyber-intelligence and threat at HSBC and chief information security officer (CISO) at the Bank of England. He says there are several steps organisations can take to prepare for an attack, with a view to minimising damage.
This starts with ensuring you have the right people in the organisation to instil a culture of cyber-resilience throughout the business. “Good recruitment and leadership make it easy for people to do the right thing,” he says. “Within the industry, there is too much focus on the technical capabilities of CISOs. As a CISO, you’ve got to be business and risk-focused; otherwise, within the blink of an eye, you’ll be a head of IT.”
CISOs also need to realise they need support from the wider enterprise. “The team has got to be willing to do the right thing because it’s the right thing to do,” he adds. “Too often, in this industry, you see people doing things because it benefits them.”
The most effective way to learn how best to respond to an attack is through the experience of going through one, something Rogers has seen all too often. “I love incidents because you get to see the true side of people,” he says. “We can all learn from them.” Often, though, there is a reluctance to speak about incidents, he adds, which stems from a fear of being judged by other professionals.
He recalls one occasion when there was a key system loss due to a misconfiguration. “It took an age to restore and happened at the worst time,” he says. “But you also need to be able to deal with physical loss, such as laptops or papers. In some ways, this is harder, as you have limited control.”
Drawing on his experience of such incidents, he stresses the need to ensure staff at all levels are exposed to the realities of what would be involved. “It’s a marathon, not a sprint, so staff accordingly and rotate staff where possible,” he says. “Support non-cyber staff, such as those from legal or press teams, and get them involved before an incident so they understand the team. Push the two-minute incident assessment and make sure you have documentation easily available. Practise with snap tests and learn as much as you can.”
There are also personal characteristics that CISOs need to adopt if they are to build a resilient mindset and take people with them on the journey. “Honesty, partnerships, empathy and being positive are important attributes,” he says. “Focus on being the smile in the room.”

© 2025, Lyonsdown Limited. teiss® is a registered trademark of Lyonsdown Ltd. VAT registration number: 830519543