At a glance
It’s when, not if
- 74% of large UK businesses were hit by cyberattacks in 2024. It’s when, not if, your business will be targeted.
What’s at risk?
- Most organisations rely on a single payment provider. When it goes down, employee salaries aren’t processed, and suppliers go unpaid, eroding trust and confidence.
Who’s vulnerable?
- Retailers, local authorities, healthcare, logistics, payroll bureaus, and franchise businesses face the highest risk due to high volumes of time-sensitive payments.
Why contingency payment plans?
- To have a streamlined escape hatch for BACS payments with entirely separate login credentials, multi-factor authentication, and no SSO dependency.
- To store payment data through regular file upload. This allows you to process payments immediately even when primary systems are completely inaccessible.
How much does it cost?
- A backup payment system should be 25-33% the cost of your primary payment system.
- Don’t risk a cyberattack. Protect the credibility, trust and business relations you’ve sent years building
What would your business do if it were unable to make payment runs for several days or even weeks? That’s the question treasury and finance leaders must ask in the wake of the high-profile cyberattacks that have afflicted the UK retail sector in recent months.
Many organisations rely on a single payment platform, which means that payments are a common weak spot in cyber recovery plans. As recovery planning rises to the top of the boardroom agenda, it’s essential to consider what contingency systems your business has in place for making payments.
A case of when, not if…
The threat of cyberattacks is widespread and increasing. The UK government’s cybersecurity breaches survey 2025 shows that 74% of large UK businesses identified breaches or attacks in 2024.
Meanwhile, Hiscox’s Cyber Readiness Report 2024 finds that seven out of ten UK business leaders reported an increase in the number of times they have experienced a cyberattack in the last 12 months.
As the coordinated attacks on some of the biggest names in UK retail demonstrate, no company is immune to cyber threats. Furthermore, generative artificial intelligence (GenAI) is facilitating more sophisticated attacks utilising social engineering techniques at scale.
The World Economic Forum’s Global Cybersecurity Outlook 2025, for instance, reports a sharp uptick in organisations reporting phishing and social engineering incidents in 2024.
Increasingly, the prevailing view is that for most businesses, it is a matter of when, not if, a cyberattack will occur.
Some sectors are particularly attractive to cybercriminals, often due to the high volumes of valuable customer data they hold.
Secure your payment systems
These consequences apply to all businesses, but those organisations processing high volumes of time-sensitive payments should be particularly wary, because it puts their whole business model at risk.
Retailers and local authorities can fall into this category, but it also extends to sectors that employ a high proportion of hourly-paid, agency workers, such as healthcare and logistics, as well as payroll bureaus that process these payments on behalf of other companies.
Franchise-led businesses, characterised by a distributed business model with multiple independent units and a complex transaction flow, are another area of concern.
Creating a contingency plan
With boards and senior management paying increasing attention to cyber recovery and backup plans, now is a good time to reassess the contingency plan your business has in place if your primary payment system is compromised.
Key steps include:
- Detailing which payment systems your business uses and the volume of payments processes.
- Auditing for common weaknesses, such as single-system dependency or single sign-on (SSO).
- Establishing what alternative systems your business can use if the primary system is down.
- Determining if your payment systems allow you to access historical payment data if the systems are compromised.
If your business does not have a backup system in place, it’s often worth investing in a contingency payments platform that can operate independently even when your primary systems are completely inaccessible. All you need is any computer with internet access to process last month’s or week’s payroll data..
Book a consultation
A contingency system isn’t an exact duplicate of the main platform. Instead, it’s a streamlined escape hatch that provides a clean, secure backup channel for BACS payments, including payroll, in the event that your main system is compromised. It has entirely separate login credentials supported by multi-factor authentication and no SSO dependency connecting it to any other systems.
This streamlined approach means that contingency services are often a fraction (25 – 33%) of the cost of running the primary payment platform; an expense that many companies justify by running a proportion of their transactions through the platform each month to ensure readiness.
Peace of mind at a fraction of the cost
At AccessPay, we regularly work with companies to provide contingency payment platforms that complement their existing payment infrastructure.
Multiple leading organisations use our cloud-native platform to process BACS and other payments as their primary platform, so if the worst-case scenario does come to pass and your organisation is subject to an attack, you’re in safe hands.
Not only that, but we can store your current and historical payment data through regular file upload. This means that if your primary systems are completely inaccessible, you can download previously uploaded files, such as last months payroll, modify the payment dates, and process payments immediately.
Whilst this approach requires updates for any changes in employee details or payment amounts from previous uploads, it provides a critical lifeline that’s more acceptable to governance and risk teams than maintaining separate offline data storage.