Every year, most businesses experience a cyber attack of some sort. Despite the fact that these attacks can interrupt business operations, many organisations lack an effective business continuity response. While some organisations do have cyber security and incident response functions in place, they focus more on mitigating the attack itself than on ensuring business operations can continue in the interim. To understand why it is important to integrate cyber security into the business continuity plan, business continuity planners must first be familiar with the common cyber threats organisations face as well as the far-reaching impact of data breaches. Then, they must address the root causes of the breakdown between business continuity and cyber security: the lack of a security culture, boardroom support and a coordinated response. Practical steps for integrating cyber security into the business continuity response include starting a conversation with those responsible for cyber security, determining the appropriate response to cyber incidents, assessing the organisation's recovery needs and testing the response strategy. Ideally, however, organisations should prevent attacks altogether. As employees are often the primary point of failure in cyber security preparedness, organisations should improve their cyber security posture by investing in education and awareness from the top down.