You’ve just been informed that your company has experienced a cyber attack. Now what? Do you rest easy knowing that your team has already begun implementing a well-rehearsed and detailed incident response plan? Or, do you panic and wonder what to do next? If you identify with the latter, you’re not alone.
More than thirty percent of C-Suite executives did not know who should be responsible when their organizations were faced with a data breach or other cyber-security incident. By the time they or their team figured it out, the damage was already being done.
Within minutes of an attack, an organization’s reputation can be tarnished. Customers often start to panic and possibly do further damage by sharing the news on social media. Board members or shareholders may also be panicking, perhaps calling for the CEO’s resignation as they witness an ill-prepared senior management team implement a response that’s akin to throwing a pail of water on a wildfire.
This is Not a Fire Drill… It’s a Fire
The time to act on your company’s response to a cyber security incident was yesterday; you need to prepare for it well before it happens. Whether you are the CEO, COO, CFO, General Counsel, Chief Risk Officer, or you have a title without an acronym, your constituents are looking for a comprehensive and immediate response that will allay their fears and keep the organization’s reputation intact.
“If the CEO and other C-Suite executives are immersed in the minutia of the attack, they are not focused on the continuity of the business,” Steven Bernard, Bernard Global, LLC said. “It’s critical to build the right team today, agree to levels of authority and decision-making, and have the team report only on a need-to-know basis.”
Without a documented, well-rehearsed response plan, customers, employees, and shareholders can expect a “garbage-in, garbage-out” result. Additionally, once the incident hits the news, your PR team will be rendered helpless without prepared and thoughtful messaging that speaks to both the immediate and long-term remedy.
The reputation recovery process is not accomplished with a well-worded press release or social media post, but rather with an incident response plan that has been developed collaboratively with key management stakeholders and tested ad nauseam. Additionally, each member of the organization must know their role and be held accountable so they are able to execute their tasks before, during, and after each cyber incident. Yes. Each incident. Because there will be more than one and everyone will be watching.
If you already have a plan in place, don’t make things worse by broadcasting your recovery activities over the network that was just attacked. This opens the door for even more devastation as hackers wait in the wings for such a misstep. To avoid further assault, you must have an alternate, cloud-based, well-tested communication channel in place with no dependencies on your existing network.
Your Bottom Line is On the Line
According to a study by Grant Thornton, only four in ten mid-sized companies in the U.K. had a comprehensive, up-to-date, and regularly rehearsed cyber incident response plan. This means that over half of these businesses are not prepared to handle a cyber attack and are even more unprepared for the financial losses that inevitably follow.
A recent study on the financial impact of cyber attacks noted that more than half of U.K. businesses reported a revenue loss of between three and ten percent, with some reporting upwards of a twenty-five percent loss. It’s projected that damages due to cybercrime will hit $6 trillion annually by 2021. Financial losses from data breaches can also result in potential fines that can cripple even the most profitable companies.
In the end, no organization is immune to cyber attacks. However, every organization can inoculate itself by being equipped with a comprehensive incident response plan that will protect its bottom line, its brand, and its reputation.
Groupdolists provides a secure and encrypted cyber incident response platform. It also delivers real-time visibility to senior leadership and crisis management teams on progress, new issues as they arise, and mitigation solutions that are being implemented, in the palm of your hand, instantly.