Poole firm warns total cyber security is no longer realistic for businesses
C3IA says businesses should also focus on resilience
Last updated 10th Jun 2025
A cyber security consultancy in Poole is encouraging businesses to rethink how they approach cyber resilience, following recent prominent cyber-attacks.
It is urging them to focus not only on defence, but on how they recover if an incident occurs.
C3IA, a national company with headquarters in Poole says the goal of absolute security is increasingly unrealistic.
It adds that the ability to bounce back quickly from a cyber incident is now just as important as preventing one in the first place.
Government figures show that nearly half of UK businesses and around 30 per cent of charities have had security breaches in the last year.
While recent incidents involving major retailers have made headlines, most go under the radar.
Rupert Irons from C3IA said: “Awareness of cyber security has improved in recent years, and many organisations have taken steps to protect themselves.
“But the nature of the threat keeps shifting. Even businesses with strong cyber security in place can still find themselves at risk against a determined attacker.
“In several recent incidents, recovery has taken time and cost companies millions of pounds from business disruption, lost sales or IT-related costs.
“Therefore, it is important for businesses to focus not only on prevention, but on how they would respond if something goes wrong.
“No system is perfect, and that’s why it’s crucial to think about how you’d react in the event of an incident.
“The companies that handle these situations best are the ones that have prepared for them.
“And this doesn’t just apply to large firms. Smaller businesses are also at risk.
“Cyber criminals don’t always target specific organisations – they’re often looking for easy opportunities. Having good, basic security in place can make a real difference.
“But when breaches do happen, how a company responds is key. Preparation and implementing a plan can save time and money.
“This includes having reliable back-ups, clear internal protocols and communication plans to keep staff, clients, and stakeholders informed and reassured.”
The National Cyber Security Centre (NCSC) has also been stepping up its support.
In addition to its accessible Cyber Essentials scheme, which helps organisations put basic protections in place and includes access to cyber insurance, the organisation has recently introduced two new initiatives.
The first is the Cyber Resilience Test Facilities programme, which allows tech companies to demonstrate how resilient their products are in practice.
The second is the Cyber Adversary Simulation Programme, which gives organisations access to trusted providers who can test their defences and highlight weak spots.
Irons warned against cutting cyber security budgets as economic pressures mount. “It might seem like an easy area to scale back on, but the cost of an attack – especially one that’s poorly handled – can be far greater.
“Resilience isn’t about recovering from an incident; it’s about being prepared to operate through one.
“The businesses that treat cyber security as an ongoing responsibility, not a one-time fix, are the ones that stay ahead.”