The reputational impact of a cyber attack
PWC’s Global CEO survey 2018 found that 40% of CEOs ranked cyber threats as their biggest concern, larger than technological change, uncertain economic growth and terrorism. Dealing with cyber incidents is no longer the preserve of IT managers. It’s now identified as a board-level issue with the potential to cripple your organisation.
Planning and preparing for cyber scenarios
Organisations need to understand areas of vulnerability and the potential impact on business. Once your risk landscape is clear, you can scenario plan against different types of incidents, working out how you would respond, criteria for decision-making and the likely resource you would need.
Inspired by Mr. Robot: Hacks from the series and how to prevent them
As the finale of the show’s second season approaches, security experts from across the IT industry have picked their top hack from the series, and offered some advice on how to protect against it.
The next step is to turn your risk assessment and scenario planning into a set of response processes and protocols. A quick and effective response is impossible without thorough planning and forethought. Once you have a plan in place to deal with cyber incidents you must ensure your people are briefed, trained and rehearsed on what they should do. The Cyber Security Breaches Survey 2018 found that while most organisations see cyber security as a high priority, only 20% of employees received formal training around it.
How to respond post-GDPR
There is an obligation to act quickly or face punitive fines. Consequently, GDPR could act as a positive catalyst for organisations to ensure teams are ready should the worst occur.6 steps you should take when managing the situation: 1. Activate your team – Speed is of the essence. Convene your team as soon as you become aware that you may have an issue.The ever growing list of organisations that have failed to respond effectively to a cyber incident and suffered damaging consequences is a warning to all businesses. No company can immunise itself from an attack. However, planning, training and rehearsal can enable you to respond quickly and effectively and emerge with your reputation intact. Jonathan Hemus is managing director of Insignia.
2. Deploy your plan – Uncertainty and high stakes can cause even experienced executives to make poor decisions under pressure.
3. Act quickly – Investigate and address the situation and pro-actively communicate to affected stakeholders. Any attempt to hide the truth, or a failure to communicate, will likely damage reputation and business value.
4. Provide regular updates and information – Reassure stakeholders via multiple sources, including your website, social media feeds, call centres, in-store or in-branch.
5. Exceed expectations – Ensure the steps you take to reduce the impact on affected stakeholders go above and beyond what is expected.
6. Futureproofing – Take steps to avoid another incident. You can be forgiven for an isolated event, but repeat offenders, such as TalkTalk, suffer the worst harm.
Share this story