Not-for-profit quality care for over 25 years
Close this search box.

Three high-level features of any (good) cyber strategy

There’s no one correct way for an organisation to do cyber defence. Your company’s size – whether it’s an SME or big corporation or somewhere in between – also has no bearing on the efficacy of your cyber strategy.

While SMEs are considered to be more vulnerable to cyber-attacks due to having comparatively more limited resources, not even corporate giants are infallible. In just one example among many, Tesco Bank was fined over £15million for failing to protect customers from a cyberbreach.

That said, your business might do everything right and still experience a cyber-attack. While disheartening, your cyber defence strategy isn’t about achieving cyber invulnerability, because that isn’t possible. It’s about having the right processes in place so that your company can bounce back with minimal disruption if it was the victim of an attack.

There are many different ways to build a solid cyber defence strategy, but whichever way you go you’ll want to make sure you’re covered on the following three things.

FCA fines Tesco Bank £16.4m for failures in 2016 cyber attack | FCA

  1. Understand your landscape

It’s easy to believe that the cyber threats that face our business are those which all businesses face, but this isn’t true. Different industries tend to experience upticks and downticks of different cyberthreats, whether that’s ransomware or phishing or something else.

Pay attention to the type of cyber-attacks that have affected your competitors, and stay up to date with rising trends in the cyber breach space tending to affect your type of business.

  1. You never achieve ‘cybersecurity’

Considering that human error accounts for as many as 95% of cyber-attacks, your workforce is an important asset in keeping your organisation cyber secure.

Your company might mandate cybersecurity learning for its workforce, whereby employees must regularly complete certain modules, and while this is a start, it’s also important to drill home the fact that the cyber sphere is always changing, and that means the threats your organisation faces are ever-shifting too.

  1. Proactive, not reactive

It’s true of plenty of things, including cybersecurity – you want to develop a proactive rather than reactive approach.

The Global Risks Report 2022 PDF

It’s true of plenty of things, including cybersecurity – you want to develop a proactive rather than reactive approach.

Not only can the cost of a cyber-attack be debilitating for a business, but the attacks themselves are getting costlier, too. Aside from the static cost, a cyber-attack can disrupt your business processes foreseeably, which could incur another huge cost.

More than that though, if your business handles client data to any degree and your organisation faces a breach which exposes that data – even fractionally –  you risk more than a fine from the FCA; you risk losing the hard-earned trust of your customer base.

Report: Insider Cybersecurity Threats Have Jumped 40% in 4 Years (

To find out how Towergate Insurance could assist you, please call Richard Barnes on 07768 314 298 or email

Share post...