Chris Huggett at Sungard Availability Services discusses new research that uncovers the extent to which UK business leaders are experiencing stress-related illness and damage to their mental well-being in the aftermath of cyberattacks, IT outages and network failures.
Cyberattacks are undeniably one of the greatest challenges to business resilience companies face today. Where traditionally major global brands and financial institutions have been targeted by hackers looking to reap financial rewards, rising demand for always-on services has now placed disruption centre stage as an objective too.
Cyberattacks have also evolved, with hackers using more complex, psychological tools such as ransomware to take systems offline and pressure organisations into paying a ransom fee to restore service.
With disruption becoming a more prominent threat for companies, what it means to be a truly resilient organisation has similarly evolved. Not only do businesses need to have the financial resources to be able to bounce back from an attack, the pressure on staff during periods of downtime and potential impact on brand image must also be taken into account.
Effective strategies for staying resilient during periods of crisis therefore must focus on the trifecta of resilience imperatives: fiscal, reputational and personal.
Also of interest: Mental health and cyber security: do we have a problem?
Facts and stats: the impact of disruption on company reputation, and the bottom line
The better-known impact of disruption is the financial damage to a business, as the aftermath of a technology crisis can wreak havoc on staff costs and resources. Research has shown that UK businesses now suffer an average loss of £1.4m annually due to downtime, while almost half (48 percent) of C-level executives state that their technology expenditure had increased following a crisis.
In today’s technology-driven world of business, the privacy of customer data must also be a primary consideration when facing IT crises. If an organisation cannot demonstrate that good data protection is a cornerstone of its business policy and practices, it is open to enforcement action that can damage both public reputation and the bottom line. Nearly three quarters (72 percent) of UK C-level executives agreeing that customers are more likely to seek a new supplier if they suffer a data breach or IT downtime.
In response, an organisation’s entire approach to resilience must continually adapt to protect against all forms of risk. A Business Impact Analysis (BIA) can help determine which systems need what kind of protection, and how much downtime and data loss a company can afford. However, the financial loss that follows a crisis is only one area that companies must consider.
Also of interest: The importance of taking care of our people and their mental well-being
The need to protect the well-being of staff during a crisis
A further area of concern to UK companies is the scale of the challenge business leaders face psychologically and emotionally during times of technological disruption. Over half (54 percent) of C-level executives in the UK have suffered from stress-related illnesses and/or damage to their mental well-being as the result of a technology crisis.
Not only does this highlight how linked senior executives are to their company’s resilience, but also suggests the extent to which they feel personal responsibility as part of such fallouts.
Research has also revealed the negative personal impact technology crises can have on a firm’s leadership abilities, with 30 percent of executives finding strategic decisions more difficult to make and 24 percent finding it harder to provide clear direction for the business - putting the future of their jobs into question.
To execute their roles to the best of their abilities, the C-suite need the help and support of the wider business. More must be done to instil resiliency in businesses today, and aid leaders with their personal responses in times of disruption more effectively. This includes making staff at all levels aware of the types of risks that can lead to crises, especially those related to the technology which is becoming ever more central to business operations.
Also of interest: “The more you understand people, the better security leader you can be” – Kevin Fielder, CISO, Just Eat
The fiscal, reputational and personal imperatives of ransomware resilience
One of the biggest cyberthreats organisations currently face is ransomware. Ransomware enters into an organisational network by targeting individual users, using intense psychological pressure and exploiting human error to gain access to IT systems.
This has allowed it to become a major source of disruption to massive global corporations and an effective tool for extorting money. However, the more covert impact of a ransomware attack can often be the detrimental effect on the people involved, as the individuals targeted often feelings of responsibility or guilt.
Organisations must establish a business-wide culture of vigilance and openness led from the top-down, monitoring both disruptions and the impact they have on staff to help combat the effects of ransomware.
An emphasis on protecting each other can lead to less of a burden being placed on individuals, decreasing the impact of the team’s wellbeing as well as the company’s bottom line. Companies must also take steps to minimise risk and develop the ability to adapt to disruptive events, for example, by making the availability, security and agility of business IT operations a priority.
Organisations that are most resilient to ransomware have departed from the traditional tactics employed for unique physical assets. The only certain way of preventing digital business assets from becoming ransom prisoners is by taking advantage of the features that data and IT systems offer.
A unique physical asset exists only in one place, therefore, it can be held to ransom. If there are copies, back-ups available or alternative ways of accessing the asset (i.e. by relying on decentralised cloud solutions), the ransom becomes redundant.
Also of interest: Cyber security burnout: risks and remedies
Building resilience into the foundations of an organisation
With a significant proportion of UK businesses experiencing a combination of the fiscal, reputational and personal impact of disruption, matched with the arrival of more intelligent and pernicious cybersecurity threats, it is clear that organisations must evolve their understanding of resilience.
However, with technology a central facet both of everyday operations and achieving growth, this must be done without hampering long-term innovation, or the digital experiences of customers.
For organisations executing a digital transformation strategy, every step of the way must be evaluated for potential risk across each component of organisational architecture. A company must have the right tools and strategic plan in place, along with the technological know-how to weather the IT storm.
Crucially, however, businesses must ensure staff have the support and understanding necessary to remain resilient in a crisis. By building a culture of openness and mutual respect, organisations will not only sustain a healthy working environment, but will help staff (and therefore the business itself) quickly absorb and adapt during disruption to thrive.
You can read the full report here.