17 February 2023
In our hyper-connected world, it is critically important that organizations have cyber crisis readiness plans and are prepared to press the button in the face of a major incident. Without a cyber crisis management strategy, organizations risk severe reputational damage, eroded trust, and a significant fall in sales. All are difficult to rebuild quickly.
The threat landscape is expanding fast, and malevolent actors are becoming more and more sophisticated. As a result, breaches are becoming routine. In the latest Ponemon Institute [1] report, 83% of organizations studied have experienced more than one data breach. It is little surprise, therefore, that the average data breach cost reached an all-time high this year, at $4.35 million. The average time to identify and contain a data breach has hit 277 days!
There is a fine line between an incident and a crisis, and poor decision-making during a crisis can be terminal for an organization. A crisis usually unfolds when an incident has not been handled correctly and consequently escalates. Cyberspace is a unique environment, however, and an attack can be so unfamiliar and complex to an organization that it is deemed a crisis from the outset.
Understanding that a cyber crisis is not just a technical problem is essential. As well as having major repercussions on the organization, it also reverberates through the supply chain, partner, and customer ecosystem.
With so much at stake, every enterprise should have a regularly updated, overarching cyber crisis management strategy that covers the whole lifecycle of a crisis. Skill sets, capabilities, and communications plans must be in place to enable an enterprise to respond to a crisis and get back to business as quickly and efficiently as possible.
A crisis management strategy enables an enterprise to prepare to make the right decisions in a crisis to minimize the impact and duration of a cyber-attack. This includes crisis simulation so that crisis management teams can be ready for any eventuality.
The essential component of a crisis management strategy is the people. A well-informed crisis management team with the relevant technology, security, communications, and business continuity skills is pivotal.
However, convincing the board to put a cyber crisis management strategy in place is not always easy for Chief Information Security Officers (CISOs).
The issue is that the C-suite often finds it difficult to fully understand the nuances of cyber risk. At the same time, CISOs don’t always spell out cybersecurity risk clearly, leaving discrepancies between business objectives and cybersecurity posture. This can leave the organization highly susceptible to risk and, should a crisis arise, unprepared, with detrimental consequences.
The board has a role to play in a cyber crisis, and partners, customers, and regulators will look to it to get the organization back on track safely. CISOs must explain the implications of a cyber crisis to the board and get their buy-in for the budget to support a cyber crisis management plan.
Incident response allows businesses to gather intelligence on a threat agent attacking the organization and prepare actions to remove it. The goal is to prevent cyberattacks before they happen and minimize the impact if an attack is triggered. Incident response is a vital source of information for the cyber crisis management team.
A robust incident response plan can help to detect and contain cyber threats and get an organization back to health as rapidly as possible. It should be a significant part of the crisis management plan.
A recent report [2] found that organizations that regularly tested their incident response plans had an average data breach cost $2.66 million lower than organizations without incident response teams and associated plans.
There are no foolproof plans for protecting an organization against a cyber crisis – but being prepared, as we have said, is half the battle. A cyber crisis management strategy and a well-informed team can be a lifesaver for an organization hit by a major cyber-attack.
Organizations often come back stronger from a cyber crisis. Cyber crisis management not only helps business-as-usual resume faster but also aids an organization in spotting and addressing future threats faster and more effectively. Ultimately, it can help create a stronger, more resilient organization than the one that initially entered the crisis.
Would you like to access more information on how to be prepared in case of a cyber crisis? Take a look at our recent white paper, which we created to help raise awareness of cyber crisis management among the board. It explains how to draw up a robust cybersecurity crisis management strategy and put governance in place to oversee it.
Download our whitepaper