Dave Machin
In the world of cyber security, the reality of a new year is a fresh set of increasingly sophisticated threat actors looking to hack and exploit your business assets. For the majority, it's not a case of ‘if’ it happens, but ‘when’ it happens. In 2024, 74% of large businesses experienced cyber threats and no-one wants to be the next Microsoft (who suffered an attack on its corporate systems in early 2024) or Change Healthcare, who inadvertently exposed a third of Americans’ patient data due to a ransomware attack.
2025 is set to see a new record for ransomware attacks. Together with a variety of other growing risks, including password-spray assaults, AI-fuelled threats and escalating geopolitical tensions, this means threat actors are ready to capitalise and wreak havoc.
So what critical assets are in your blast radius and how do you protect and prevent carnage? Here's how to start:
What is in scope and what is the extent of potential damage that can occur if a cyber attack successfully compromises your key assets? Analyse systems, applications, data, operations and stakeholders.
No longer ‘a matter for IT’, cyber security is something organisations increasingly realise needs a culture built right across the business. The tighter the better, as leaders across the board have a fiduciary duty to their employer, and legal and regulatory responsibilities to protect against cyber security threats. High-profile breaches at Uber and Equifax have resulted in CEOs and CISOs losing their jobs and facing legal scrutiny. Your CEO, CHRO, CIO, Head of Procurement, CISO, CRO, CFO and NEDs must all be engaged, informed and accountable here.
How far-reaching will the consequences of a security breach on these be? This will be influenced by how interconnected systems are, the privileges or access levels associated with the compromised asset, network design, access controls, cloud/hybrid environments, third-party integration, etc.
Limiting lateral movement by isolating critical systems from the broader network, putting in place a ‘zero trust’ architecture, detecting intrusions early and conducting frequent, secure backups are all actions to take straight away.
Improving your company’s risk posture is all about measuring and strengthening your ability to identify, protect, detect, respond to and recover from cyber threats.
Cultivating a security culture at your workplace, training and awareness, and continuous monitoring and optimization are three key areas to focus on.
Your business goal for 2025 should be to start a constructive, engaged conversation about cyber security across your business. It's no longer just the concern of IT. Every leader has a personal duty of care and part to play.