All organisations must accept that a security incident is inevitable, whether a cyber-attack, injuries to staff, damage to property and so on. There is no such thing as “total security”.

In the old days, most businesses could operate successfully with only relatively low-level losses through fraud, robbery and pilferage. Such losses were seen simply as a cost of doing business.

Cyber-attacks (whether criminal or state-sponsored) and the increasing threat from random terrorist acts has sadly changed that picture completely.

In the face of such serious threats – particularly from cyber attacks – successful businesses are those that accept that a security incident is inevitable and that they must plan to be “business resilient”: able to function effectively whatever may hit them.

We help companies with this planning process, so that they can define what they will need to do (in terms of resources and investment) to sustain their activities in the event of a major security incident – in other words, to ensure that they are business resilient.

This is not a static, one-time process. We help businesses to keep their planning up-to-date, and to ensure that key decision-makers regularly exercise their roles when a major security incident strikes.