Don’t just fix vulnerabilties, remember to keep a paper-based copy of Disaster Recovery Plans
In light of the recent high profile attacks on Jaguar Land Rover, Co-op Group and Marks and Spencer, the UK government and the National Cyber Security Centre (NCSC) is not only promoting use of the Cyber Essentials Scheme to bolster defenses, it’s also urging organisations to prepare for cyber-attacks by maintaining physical, offline recovery plans.
Reading between the lines, this may be in response to some companies reaching for their continuity plans after a breach has occurred, only to find that they have been encrypted (rendered unreadable) along with all their other valuable information, until a ransom is paid.
The NCSC reported 429 cyber incidents in the first nine months of 2025, with 204 deemed “nationally significant,” a sharp increase from 89 last year.
They emphasise “resilience engineering” to anticipate, absorb, recover, and adapt to attacks, advising paper-based plans and analogue communication strategies. Most attacks are financially motivated, often by ransomware gangs, with a noted rise in teenage hackers.
Organisations that invest early Cyber Essentials, and make it a requirement across their supply chain, have a better chance of surviving an attack. You can purchase Cyber Essentials from Indelible Data here
More information can be found in the NCSC’s annual review here: https://www.ncsc.gov.uk/collection/ncsc-annual-review-2025
/-3.5042587517567103,%2054.70635734010168,15.5/300X450@2X?access_token=pk.eyJ1Ijoid29tYmF0Y2hyaXMiLCJhIjoiY2pqaGEyd2lzMDQ3ZDN2bWQ4OTBsa2pmayJ9.ksVq6arM13qYhr76pco33w)