BS ISO/IEC 27031:2025: What the revised BSI cybersecurity standard means for UK businesses
In 2023, Royal Mail was brought to a standstill by a crippling ransomware attack, halting international deliveries for weeks. Fast forward to 2025, and Marks & Spencer was left grappling with a similar crisis - a cyberattack disrupting online orders and costing the retailer an estimated £300 million. These high-profile incidents highlight an urgent reality: no organization is immune, and robust business continuity planning is essential to survive the rising tide of cyber threats.
With the right preparedness, such as the clear guidance offered in Cybersecurity — Information and communication technology readiness for business (BS ISO/IEC 27031), organizations will be well placed to act swiftly to maintain essential services and minimize disruption when cyberattacks strike. This internationally recognized standard is intended to equip businesses to anticipate risks, respond effectively, and recover with confidence, ensuring resilience in an era where cyber threats are a when, not an if.
A strategic framework for resilience
The updated standard goes beyond compliance checklists. It provides a vital, strategic framework designed to help businesses withstand, adapt to, and recover from ICT-related disruptions.
Our reliance on digital infrastructure has never been greater. Cloud platforms, remote work tools, and AI integrations form the backbone of modern business. But as these technologies become indispensable, they also become prime targets for increasingly sophisticated cybercriminals. The decision by BSI to revise this international standard for the first time since 2011 reflects this evolving threat landscape.
Statistics paint a stark picture: half of UK businesses and nearly a third of charities reported a cyberattack in the last year alone. The costs are not just financial (averaging £1,205 per incident for businesses and rising to £10,830 for larger firms) but also reputational, operational, and legal. Downtime, lost data, and damaged trust can inflict wounds that last far longer than the attack itself.
When digital disruption strikes unexpectedly, having a robust plan to safeguard people, data, systems, and technology becomes essential. The revised standard provides the foundational framework to ensure that resilience
A step change in resilience thinking
ISO/IEC 27031:2025 introduces a systematic approach to building and maintaining ICT resilience. It supports organizations in planning, preparing, and recovering from disruptions by embedding digital trust at every level. Key updates include enhanced risk management methodologies, stronger incident response protocols, and continuity strategies that align with modern cloud-first and hybrid working environments.
Importantly, this revision explicitly integrates ICT readiness into broader business continuity frameworks, elevating resilience from an IT concern to a board-level priority. This speaks to a significant cultural shift. In the past, cybersecurity and continuity planning have often been treated as afterthoughts or operational tasks delegated to lower levels without executive oversight. The new standard challenges this mindset, encouraging leadership teams to take ownership of digital preparedness as a core strategic capability.
Looking ahead: from reactive to proactive
In business, uncertainty is inevitable, but being unprepared is a choice. The updated Cybersecurity — Information and communication technology readiness for business guidance should be seen as an indispensable tool for any organization serious about resilience. It’s time for businesses to move beyond reactive responses and embed ICT continuity planning as a permanent, proactive pillar of their strategy.
Because when disruption strikes, the ability to recover quickly and confidently won’t just protect your bottom line—it could determine your business’s very survival.
About BSI
BSI is a business improvement and standards company that partners with more than 77,500 clients globally across multiple industry sectors. BSI provides organizations with the confidence to grow by working with them to tackle society’s critical issues – from climate change to building trust in AI and everything in between – to accelerate progress towards a fair society and a sustainable world.
BSI is appointed by the UK Government as the National Standards Body and represents UK interests at the International Organization for Standardization (ISO), the International Electrotechnical Commission (IEC) and the European Standards Organizations (CEN, CENELEC and ETSI).