Racing to catch a flight recently, I was horrified to notice my phone’s battery was limping along on its last legs. Luckily, it had just enough power for me to scan my boarding pass at security, before I found a socket on the other side for a quick charge.
This stressful start to my journey was a stark reminder of how quickly our lives can fall apart without access to our digital devices. Indeed, over-reliance on digital devices is a major vulnerability in many organisations’ cyber security plans and one that they should recognise and address.
Paper plans
If your cyber crisis management plans are stored on your IT system, how would you access them if an attack encrypted all your files?
Without access to these files, would you have contact and policy details for your insurance? What about the protocols and data required to shut down and isolate affected systems and to access backups? Would you have details for emergency IT consultants or for your internet service provider? And could you access customer and supplier contact lists?
In the immediate aftermath of a cyber-attack, the faster you can respond, the better chance you have of minimising its impact and preventing contagion both within your organisation and to third parties.
This is a point that the National Cyber Security Centre (NCSC) was keen to make in its 2025 review, in which it highlighted the importance of non-technical cyber security measures.
It stated: “Such measures include ensuring availability of crisis response runbooks either digitally or physically on isolated platforms or hardcopy.”
Yes, the world’s going digital, but make sure you can access the data you need in the event of a crisis, and if that means paper-based files, then so be it.
Simple steps to improve security
The government is also making a pointed effort to ensure organisations understand the growing threat of a cyber-attack and implement simple steps that ensure they shore up their defences and make themselves more resilient in the event they are breached.
Last year, The Co-op Group and Jaguar Land Rover both made the headlines when debilitating cyber-attacks brought their respective operations to a standstill and hit customers and suppliers hard.
These attacks were representative of the increase in such events recorded by the NCSC, which said there were 204 nationally significant incidents in 2025, a jump of 48% on the previous year.
Smaller organisations also face a growing threat from cyber criminals and it’s important not to give them an open door through which to infiltrate your IT estate.
In many instances, relatively simple steps will avoid these attacks impacting your organisations and will enable you to respond quicker and more effectively to those that do.
This was the message from Liz Kendall MP, who is the Secretary of State for Science, Innovation and Technology. Writing to business leaders towards the end of last year, she urged them to take three specific steps in a bid to raise cyber resilience across the country.
Firstly, she highlighted the need to make cyber risk a board-level priority and to use the Cyber Governance Code of Practice, which sets out the actions that leadership teams need to take to govern their cyber risk effectively. The code is supported by free training and as well as detailing steps to prevent an attack, it also provides guidance on maintaining and rebuilding operations in the aftermath.
Secondly, she urged leaders to sign up to the NCSC’s early warning service. Forewarned is forearmed after all, and this free service informs organisations of potential cyber-attacks on their network, giving them time to intervene before the situation escalates.
Thirdly she requested that organisations look beyond their own operations and seek out suppliers with a robust approach to cyber security. The government-backed Cyber Essentials Scheme certifies those that have key cyber protections in place to prevent common cyber-attacks. Using this scheme to vet suppliers will mitigate the risk of an attack that spreads from your supply chain and will add another layer to your security.
Technology has become incredibly complex, but in the face of more prevalent and sophisticated cyber-attacks, it is also true that relatively simple measures can have a transformative impact on your cyber security.
It might seem faintly ridiculous that paper-based crisis management plans could be your salvation in the event of a cyber-attack, but it’s worth remembering that it’s not always the most complex solutions that are the most effective. Good housekeeping will also go a long way to mitigating your cyber exposure.
Join Us for Cyber Scotland Week 2026 — Strengthen Your Organisation’s Cyber Resilience
Cyber threats continue to rise, and every organisation — large or small — needs to be prepared. As part of Cyber Scotland Week 2026, Keegan & Pennykid (Insurance Brokers) Ltd is hosting a shared event with SCVO/Lead Scotland. This event will be a Dynamic, insight‑packed session designed to help organisations take practical steps to stay safe online.
🎤 Event: , “What I can do to help my organisation stay safe online”
🗓 Friday 27th February 2026
⏰ 10:00am – 11:00am
📍 Online
🔗 Register now: What I can do to help my organisation stay safe online – Cyber Scotland
Why not speak to us at Keegan & Pennykid about a bespoke Cyber Insurance policy for your organisation? Whether an event is designed to interrupt your operations or is focused on causing you maximum negative exposure due to data theft, our Cyber Insurance policies can both assist and support you during the immediate period following such interruption as well as aid your recovery to normal business operations as quickly as possible.
