It has long been said that there are two certainties in life – “death” and “taxes”. However, in our increasingly sophisticated and connected world, is a “cyber attack” becoming the third certainty? Recent high profile attacks on established household names along with the UK Government's recent announcement would suggest that it is possibly true.

Of course, as with the two “established” certainties, it’s not quite that simple. Arguably it matters more what you do in readiness and as a result of these so called certainties – be it financial planning, getting things in order, focusing on the things that really matter and having a plan should the worst happen. Third certainty or not, these principles apply equally well in the case of cyber attacks. It is very easy to take the attitude “well it’s going to happen anyway” which can lead very quickly to “why bother” which, if followed through to the inevitable conclusion, underestimates the value of good preparation and the importance of impact mitigation in the worst case scenario.

Understanding the dynamics of what we can control and what we can’t plays a vital role in determining focus areas for cybersecurity. Even if the extreme case is accepted, and cyber attacks are the third certainty of life, there are still things that are within the control of organisations such as putting the basics in place (e.g. patching, system updates, anti-malware), understanding current exposure though a Risk Insight and prioritising budgets accordingly, adopting the right Enterprise Security Architecture to suit their business needs, and putting into place an incident response plan to quickly close and recover from any successful cyber attack.

Third certainty or not, another old saying “failing to plan is planning to fail” might apply if organisations do not take the necessary steps to safeguard their assets against cyber attacks and the consequences could be very costly.