I would advise all businesses to perform a Risk Assessment (RA) and get a Risk Register (RR) together. This is the best way to understand what risks your business faces, and how to resolve them. This then leads on to where to allocate budgets for the best results. Performing an RA usually offers great ROI; when performed by a competent professional, additional benefits and streamlining of resources usually more than cover the entire cost of the exercise.
Once this is done, it is possible to understand what the worst security impacts are, and their likelihood. Is it a ransomware attack locking all systems and disrupting business (very common at the moment but fairly easy to plan for), or is it a key third-party supplier being breached, resulting in loss of access to critical company/customer data or services (not as common but could have a huge impact and is harder to plan for)? Again, this is where having the assistance of an expert professional is vital, to derive the greatest ROI and cover all risks. Using their industry knowledge and experience, they can put the likelihood of the risks into perspective and show how to mitigate them effectively.
Until you have performed an RA and have an RR, in my opinion, you can never truly plan for the worst, as you don't know what it realistically could be.
To discuss performing a Risk Assessment or how to start planning, get in touch.
Lee Gilbank is one of the founders of Yorcybersec. When he’s not working with his clients, he geeks out on jigsaw puzzles, cycling, and playing video games with his children.