Preparing For A Cyber Crisis

Serious security incidents have become increasingly common and expensive, with the average cost of a breach hitting $4.88m in 2024.

A cyber crisis can be one of the most stressful and chaotic situations a business leader can experience. An attack can seemingly come out of nowhere and cause enormous damage if not handled correctly. And unlike most business crises, there’s the added element of knowing a malicious actor is directly trying to harm your company. 

How can business leaders best prepare for a cyber crisis, and what does effective management look like when an attack occurs? 

What Are Some Of The Challenges When Dealing With A Cyber Crisis?

When a cyberattack unfolds, the challenge is not just the technical threat itself - it’s the domino effect. One system going down can have a profound impact on the rest of the organisation, quickly racking up financial and reputational damage, as well as regulatory issues. So, organisations must get ahead of the situation before the damage starts piling up.

Stakeholder engagement is often overlooked as companies focus their efforts on resolving the issue. An organisation might handle a cyber crisis well from a technical perspective, but if it fails to manage the ‘court of public opinion,’ the impact can be just as damaging as a technical failure.

In the heat of the moment, unverified data, rumours, or misinformation can spread quickly, both internally and externally. This can make an incident seem worse than it is, sparking panic among stakeholders and causing unnecessary reputational damage. 

Finally, many companies lack the resources to handle a crisis effectively, whether through a shortage of trained personnel or inadequate technology. Unless they’ve made a proactive effort to understand their capabilities in advance, they may not realise how short-handed they are until they’re in the midst of an incident.

What Lessons Can We Learn From Previous Attacks?

Every major cyber incident carries potential lessons, so it’s important to monitor how attacks have unfolded and how peers have responded to them. 

The MOVEit breach, for instance, exploited a zero-day vulnerability in a widely used file transfer solution, compromising sensitive data across thousands of organisations. It highlighted the importance of advanced monitoring systems that detect anomalies early, which can make the difference between a contained incident and a full-blown crisis.

Log4j is another high-profile incident worth studying, especially as a lesson in the importance of proactive vulnerability management. The organisations that managed it best were those with robust patching processes and a proactive approach to keeping their systems up to date.

How Do Organisations Implement An Effective Cyber Crisis Framework?

It starts with preparation. Having a clear, ordered plan that outlines every step of your response is crucial, which means developing a deep understanding of your company’s unique structure, vulnerabilities, and operational priorities. 

In addition, everyone needs to know their roles and responsibilities during a crisis. Map out the key positions and ensure everyone understands their part and why they need to be ready for an incident.

Equally important, having a plan on paper is not enough - it needs to be tested regularly through simulations and drills. This is especially key for the senior decision-makers who will be expected to take charge, but it’s a valuable experience for all personnel. Ideally, you want a ‘be ready’ mindset around cyber to permeate every business level.

These exercises help teams practice their roles and expose gaps that might otherwise go unnoticed. A good crisis sim helps elevate an attack from a theoretical concept to a genuine threat. 

Accurate information gathering is another factor at the heart of a strong framework. Leaders need reliable, verified data to make informed decisions. This includes assessing the scope of the crisis and its potential impact on critical operations so resources can be allocated effectively.

Lastly, adaptability is key. Cyber crises are unpredictable, and no framework can anticipate every scenario. A good plan is flexible enough to evolve as new information emerges, ensuring the organisation can pivot effectively when necessary.

How Can An Organisation Measure If They’re Ready?

Measuring readiness for a cyber crisis is about more than just ticking boxes - it’s about ensuring your organisation can respond effectively when the time comes. 

Regular risk assessments are essential for identifying vulnerabilities and adapting your crisis framework to evolving threats. These evaluations help uncover gaps in your defences and ensure that your response plan remains relevant as your organisation grows and changes.

Frameworks and plans must likewise be living documents rather than one-and-done exercises that gather dust for years. Schedule regular check-ins to ensure they’re up to date and reflect changes in personnel and business structures.

Again, testing the response plan through realistic cyber drills and exercises is a valuable way of assessing it. Mimicking the pressures of a real incident can highlight how well both the plan and personnel will hold up. Tracking metrics like detection time, response time, and containment effectiveness can provide valuable insights into your readiness.

Stakeholder feedback is another helpful tool. Employees, partners, and even customers can provide perspectives on areas of improvement. Building channels for honest feedback ensures your framework evolves in meaningful ways.

Finally, after an actual or simulated incident, conduct thorough debriefs to analyse performance. Document lessons learned and update your plans accordingly. An organisation that treats every exercise and event as an opportunity to improve can establish a ‘be ready’ stance in preparation for whatever challenges come its way.

Dan Potter is Senior Director of Operational Resilience at Immersive

Image: Jacob Wackerhausen
