8 questions for SME’s that could improve your business’s defence against a cyber-attack

Back in May 2021, Ireland’s healthcare systems went offline because of a cyber-attack which resulted in 700 GB of medical data being stolen and 80% of the organisation’s data being encrypted. This caused amounts of huge disruption which included medical procedures being cancelled and major systems being taken offline.

A lessons learned report following this cyber-attack is now available, and you may ask yourself why this is important if you are not a business in the healthcare sector. However, many of the lessons that need to be acted upon are ones that could affect any business from any sector.


The key lessons were:

  • The organisation was underprepared for the event of a ransomware attack.

  • There wasn’t a single responsible owner for #CyberSecurity, at senior executive or management level at the time of the incident.

  • There was no dedicated steering committee that provided direction and oversight of cyber security and the activities required to reduce the cyber risk exposure.

  • There were known cybersecurity gaps and vulnerabilities, with no process that managed the cybersecurity risk and infrastructure.

  • They relied heavily on simple antivirus tools to detect threats and did not have a cyber incident response plan.

  • The cyber-attack was not actively identified nor contained prior to the ransomware execution, despite the attacker being noisy.

  • Time was lost during the response due to a lack of pre-planning for cyber events.

  • A significant amount of time was spent during the response gathering information about applications, as this wasn’t recorded in something like an asset register.

  • The lack of preparedness and slow response time had a big impact on normal business.

So, with these quite simple yet significant factors exposed, it’s a good opportunity for you to ask the below questions of your own company.

  1. When did you last review your IT infrastructure? We have all grown and systems have change significantly to improve remote working.

  2. Do you have effective cybersecurity monitoring and technologies in place?

  3. Have you removed out of date / unsupported software?

  4. Do you have a cyber incident response plan? You will have one for the event of a fire or flood, and cyber security incident plan should be considered as great of a risk.

  5. Do you have the proportionate resources in place, maybe a designated cybersecurity person/team, or 3rd party supplier whose priority is to secure your network?

  6. Do you have Business Continuity and/or Disaster Recovery plans available to reduce the impact on your business?

  7. Are you staff aware and understand how to react to a developing cyber incident?

Sometimes mistakes are made, but it’s the response we take to reduce and remove the opportunity for these mistakes to reoccur that is critical. We can all learn from the Ireland Healthcare cyber-attack to ensure that as business owners, you have effective procedures in place should an incident occur within your business.


The Cyber Resilience Centre for the South East can help with developing and enhancing your processes, configuring your technology correctly, and upskilling your people to recognise and respond appropriately, therefore making you and organisation safer.


We offer a Cyber Security Policy review that will take a look into your current security policy, looking at how it is written and how it is implemented. We use key elements of the international information security management systems standard, which goes by the name of ISO/IEC 27001:2013’.


This forms the model for security policy reviews to identify any gaps, and to ensure that policy, procedure and technical controls implemented by your organisation are based on coherent risk management.


The policy should not be seen as a static document that you write once and only look at when it’s reviewed on an annual basis. It should be a live document that constantly changes as IT, network, and data security threats evolve and company changes occur.


It should clearly outline the guidelines for transferring company data, accessing private systems and devices, and using company-issued devices.


Get in touch with us today if you think your business could benefit from this service.

The contents of this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of The Cyber Resilience Centre for the South East is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. The Cyber Resilience Centre for the South East provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us.

The Cyber Resilience Centre for the South East does not accept any responsibility for any loss which may arise from reliance on information or materials published on this document. The Cyber Resilience Centre for the South East is not responsible for the content of external internet sites that link to this site or which are linked from it.