The potential for significant reputational loss as well as serious operational outages caused by a cyber-attack can often mean the impact to an organisation is much more significant than when dealing with other more traditional disaster scenarios.

Cyber-attacks happen incredibly quickly, which means organisations need to be prepared to respond to them just as quickly. An effective response includes key factors such as:

·       Clearly defined crisis roles and responsibilities

·       Tested communication channels for both internal and external communications – multiple channels should be available dependent on the systems impacted

·       Clear understanding of all stakeholder requirements and required recovery timelines once a systems outage has occurred

·       Confident personnel to carry out timely recovery actions

For most organisations it would be impossible to define and effectively implement these requirements during an actual cyber incident once an attack has already begun. Therefore, it is critical for any organisation who wishes to be able to deal with a cyber breach effectively to have spent time developing, testing and practicing these requirements well in advance of any potential breach.

Alongside any technical recovery, the top-level crisis management and communication activities can play just as important part in ensuring the impact from any cyber breach is minimised and the organisation can remain operational.

The below important areas for you to focus on to help develop your own cyber incident management procedures.  

1. What is your communication protocol?

During a cyber incident clear and concise communication is key. Often within organisations plans are put in pace that only consider the technical response to the incident and communicating with external stakeholders. It is, however, also essential to understand the importance of internal incident communications and ensure that your existing crisis communication plans are robust enough to deal with any type of cyber incident.
One of the key decisions to be made during an incident is when will you communicate with all your different stakeholders, or others who could be affected by the breach. Too early and you may give out the wrong information, leading to other complications later down the line, and too late and someone may beat you, potentially with the wrong information, or just as bad for your reputational integrity, it may looks like you were trying to cover it up.

Different Cyber breach incidents may well require different timelines for stakeholder interactions, which is why it is important to spend time thinking and talking through each different impact type with all areas of the organisation, and understanding any regulatory or Service requirements for each stakeholder, as well as the internal priorities and communication strategies for the organisation.

A brainstorm or practice exercise are much better forum to have these discussions, rather than during an incident when the pressure is on.

2. Where would awareness of the incident come from?

The news of a data breach may come into the organisation via multiple channels, some of which are difficult to define. It is a challenge to consider how the team who is responsible for managing any incident will be made aware of it. Who within your organisation is tasked with managing the response to a cyber-attack? And are IT and senior management aware of how an incident would be managed?

3. Roles and responsibilities needed to deal with a cyber incident

Cyber incidents could impact your organisation in a variety of ways, presenting numerous challenges. It is very important that there are definitive Roles and Responsibilities for the response team members to ensure any incident can be managed effectively. This preparation time will enable the team to understand what their specific roles are, and how the response should look, even when in a pressurised situation.

How can we help?

Our Cyber Security Management offerings include cyber governance best practice, and breach response planning, as well as training and awareness exercises and activities for staff at all levels.

As a starting point, why not try our online facilitator-led Cyber Attack Simulation role play exercise. You and other key members of your crisis response team can work together through a fictional but very realistic cyber-attack, managing any impacts via a simulated virtual desktop where you can chat with each other and other stakeholders, check emails, track the market impacts, make critical decisions and more.

Bring your key people together to develop both your skills and processes for managing a cyber breach event. 

Find out more about our Cyber Attack Simulation here