Investing in cyber security: adapt today to protect your business tomorrow

Businesses – especially SMEs – are increasingly targeted through cyber attacks. That’s why it’s important to have an incident response plan in place.

2022 has seen a rapid increase in cyber-security incidents, according to NCC Group. In the first half of the year, hackers targeted critical infrastructure, operational technology and industrials sectors, including energy and utilities, manufacturing, transport, defence and construction.

In the second quarter of 2022, NCC Group found security incidents in the technology sector escalated by 38% – the highest sector percentage increase recorded when compared to the three months prior. 

There are three common types of cyber threats to businesses

According to NCC Group’s guide to incident response planning, these are:


Malware is malicious software, including viruses, spyware, trojans and worms, designed to access important information, take control of a person’s computer or spy on them.


Phishing is the use of fraudulent emails to trick victims out of money or information, or into downloading malware. The emails will mimic individuals or businesses that the person knows and trusts. 

General phishing emails are usually sent to thousands of people and often have obvious warning signs. Spear phishing emails are more sophisticated and typically target specific people in an organisation, such as the accounts payable department. Whaling is a type of spear phishing that targets high-value individuals, such as CEOs.


Ransomware is a type of malware that locks down your computer or files and threatens to publish your most sensitive data until a ransom is paid. It usually gains access via a legitimate-looking email link or attachment and often asks for payment in cryptocurrencies. 

NCC Group’s guidance is that ransoms should never be paid as there is no guarantee that you will regain access to what’s been lost. NCC Group has found that these attacks are on the rise, and in the second quarter of 2022 industrials was the most targeted sector for ransomware attacks, followed by retail, and technology. 

How can a cyber incident response plan help?

Without a cyber-attack incident response plan, it can take longer to identify and contain a breach. Not only will this have cost implications, but it could also lead to other damaging factors such as downtime, productivity dips, regulatory penalties, third-party damages and more.

Research by the Ponemon Institute in the US found in 2022 the average time taken to identify and contain a data breach was 277 days. Moreover, they found that a breach with a life cycle of up to 200 days costs $1.1m less than one with a life cycle longer than 200 days.

Multinational businesses should also be aware of the increasingly complex international cyber-security regulations, with compliance becoming much trickier to keep on top of.

What are the reputational risks to businesses?

Cyber attacks can affect reputation, too. High-profile breaches tend to attract negative media coverage and can affect consumer trust in your brand.

But according to NCC Group’s Incident Response Guide for Businesses, when companies handle cyber incidents effectively, it can provide a positive brand opportunity. By preparing and adopting best practices for incident responses and executions, reacting fast, prioritising transparency and communicating actions taken to eradicate the threat, businesses can take charge of the situation and help to protect their brand.

So, while it may be hard to identify the risks your business could be exposed to, prevention is better than cure. And with cyber attacks more sophisticated than ever, having a cyber-security plan in place could help to prevent exposure to future risks.

How to create a cyber incident response plan

By investing in a suitable, thought-out incident response plan, or retainer, you’re adapting today, to protect your business tomorrow.

In order to secure your organisation, you must identify your threat actors, then consider what critical systems and data underpin your business. How are you applying security controls to best protect your most important assets? The answers to these questions will help you to develop a comprehensive security strategy.

Creating a cyber incident response plan may seem like a huge undertaking, especially if you don’t have a dedicated IT/security team. But once broken down into stages, the task becomes significantly more manageable.

Need some support?

For help with preparations and understanding your cyber risks, read more about it in NCC Group’s Incident Response Guide for Businesses.

For more insights on the latest cyber-security threats to businesses, see our Cyber Security hub.

This material is published by NatWest Group plc (“NatWest Group”), for information purposes only and should not be regarded as providing any specific advice. Recipients should make their own independent evaluation of this information and no action should be taken, solely relying on it. This material should not be reproduced or disclosed without our consent. It is not intended for distribution in any jurisdiction in which this would be prohibited. Whilst this information is believed to be reliable, it has not been independently verified by NatWest Group and NatWest Group makes no representation or warranty (express or implied) of any kind, as regards the accuracy or completeness of this information, nor does it accept any responsibility or liability for any loss or damage arising in any way from any use made of or reliance placed on, this information. Unless otherwise stated, any views, forecasts, or estimates are solely those of NatWest Group, as of this date and are subject to change without notice. Copyright © NatWest Group. All rights reserved.

scroll to top