Explainers & Guides
Third-Party Data Breaches
It cannot be denied Brexit has had a major effect on supply chains. Covid, too, has played a part in the disruption, with the pandemic wreaking havoc on economies worldwide. But the more we speak about Brexit or Covid-related disruption, the more we lose sight of the most insidious threat: cyberattacks.
Unlike Brexit and Covid, cyberattacks are still complete unknowns. You can never tell where they’ll come from, when they’ll strike, what they’ll target. Where we can see all the ways Brexit and Covid have transformed supply chains, cyberattacks remain hidden – ticking time bombs waiting to go off.
While Brexit and Covid have each been estimated to cost UK businesses £250 billion, the large bulk of these costs have already been felt. Covid lockdowns are, thankfully, a thing of the past, and businesses have begun to adapt to the post-Brexit world. Slowly, things are returning to normal.
Cyberattacks, however, are not only not over, they’re getting worse. A five-year study by Beaming released last year revealed attacks cost UK businesses £87 billion since 2015 – but what is more worrying is the number of UK businesses that have fallen victim to such attacks has doubled in the same time period. In the UK, 39% of businesses within the last 12 months identified a cyber attack. Of these, 31% estimated they were attacked at least once a week, and 20% directly experienced a negative outcome. The true figure is likely to be even higher, as those businesses with less cybersecurity are less likely to recognise attacks.
Attacks come at a severe financial cost to your business – both directly and indirectly. In the UK, the average cost of successful attacks on medium or large businesses was calculated at almost £20,000. This is to say nothing of the indirect consequences that breaches have on public confidence and your business’ reputation. Brexit and Covid may be understood by consumers to be unavoidable complications to your brand, but a robust defence to cyberattacks is your responsibility, and your customers know this. Although it might sound counterintuitive, Brexit and Covid will not harm your brand in the eyes of your customers. Cyberattacks will.
In a now infamous speech, Donald Rumsfeld outlined three types of knowledge:
Now try saying it all quickly three times.
Once upon a time, Covid and Brexit, and their effects, were mostly Unknown Unknowns for businesses. It would have been foolish to factor them in to long term decision making about supply chains, because we didn’t even know they could suddenly be a problem. There’s a reason the word ‘unprecedented’ is used so often around Covid: we simply didn’t know something of that scale could happen.
But as Brexit and Covid began to hit the news agenda, they slowly became a Known Unknown. Sure, we might not have understood everything about how Brexit would impact supply chains – but we knew we didn’t know it! From a business point of view, this difference is everything. You can begin to strategise, map worst case scenarios, create back up plans. There might still be issues, but at least this time everyone knew it was a possibility. In other words, Known Unknowns give you the awareness to be flexible, fluid and adaptable for when problems do occur. Unknown Unknowns, on the other hand, shut you down completely.
Fortunately, as time has passed, all have become more Known Knowns. Day by day, we’re learning more about Brexit, and more information and guidance is out there on how best to support your supply chains. Companies are adapting, learning, and managing the disruption a little more each day.
Just as technology constantly evolves, so too do cyberattacks. New exploits can always be found, and there are always more unknown actors out there trying to find them. When there are attacks, they happen quickly, and depending on what part of your supply chain is targeted, the consequences can vary dramatically. The sad truth is that, until it happens, the exact form of these cyberattacks may be impossible to predict, making them the most threatening Unknown Unknown.
Yet, despite this unpredictability, time and again the headlines are focused on Brexit. It can be easy to feel the pressure to have to prioritise it above all else – but resist the temptation! Cyberattacks are a threat that will not go away, and unlike Brexit or Covid, there will never come a day when the possibility or the effects of a cyberattack can be accurately known.
Not all hope is lost, however. Although the exact form of a cyberattack might be an Unknown Unknown, being aware of the possibility and shifting it into a Known Unknown can make all the difference. Ensuring company-wide (and supply-chain-wide) awareness of the cybersecurity threat, keeping up to date with the latest developments, and having a clear and detailed Cyber Incident Response Plan are just three ways your business can be better prepared for whatever comes your way, so even if you don’t know everything, at least you know you don’t know it!
Unknown Unknowns will always exist, particularly when it comes to cyberattacks. But where the effects of Brexit and Covid have become clearer, Known Knowns, exact information on cyberattacks will always be difficult to guarantee. That’s why it’s more important than ever to keep the focus on cybersecurity in your supply chain. Don’t be distracted by the headlines (Brexit will, eventually, pass), keep your focus on being ready to mobilise and respond to any attack that might come your way.
Make sure you cover every stage of a possible attack so you can turn this Known Unknown into something more manageable and less disruptive:
First, prepare and prevent. This means ensuring cybersecurity is thorough across your organisation, and everyone understands the threat of cyberattacks. Make it the Known Unknown of your business and keep it in your team’s mind at all times, rather than only thinking about it when it’s too late.
Read the latest news for new potential threats. Run drills. Lead seminars for your team. Consider getting a system to help monitor your supply chain security and which will provide a robust defence. Want to see what our favourite cyber security blogs are? Click here.
Second, respond quickly. If you don’t have one already, start work on a Cyber Incident Response Plan. This means you can be ready to confront a threat when it does come. You may not know every aspect of the attack, but you can have an initial response which can be tailored once more information is known.
Third, evaluate and learn. Each attack is a lesson, providing a new piece of knowledge you didn’t have before. So don’t just move on – learn it! You’re not just a teacher for your team, you’re a student too. Take the time to research what happened and gradually, just like Brexit and Covid became known, make cyberattacks more knowable. And once you do, it’s time to prepare and prevent once again…
Cyberattacks are unpredictable, but that doesn’t mean there’s nothing you can do. Once all the disruption from Brexit and Covid passes, they will be the biggest threat your business will face, so act now! With the right prep, you can make sure you’re ahead of the curve and not caught short when it’s too late. Filter out the noise, keep your eye on the future, not the past, and make the smart choice today by prioritising cybersecurity, so when the day comes when you’re hit by an attack, you’re ready.
Sign up to our monthly newsletter to receive exclusive research and analyses by our experts, the latest case studies from our clients as well as guides, explainers and more to turn your supply chain risk management programme into a resounding success story.
