Preparing For A Cyber Crisis

Serious security incidents have become increasingly common and expensive, with the average cost of a breach hitting $4.88m in 2024.

A cyber crisis can be one of the most stressful and chaotic situations a business leader can experience. An attack can seemingly come out of nowhere and cause enormous damage if not handled correctly. And unlike most business crises, there’s the added element of knowing a malicious actor is directly trying to harm your company. 

How can business leaders best prepare for a cyber crisis, and what does effective management look like when an attack occurs? 

What Are Some Of The Challenges When Dealing With A Cyber Crisis?

When a cyberattack unfolds, the challenge is not just the technical threat itself - it’s the domino effect. One system going down can have a profound impact on the rest of the organisation, quickly racking up financial and reputational damage, as well as regulatory issues. So, organisations must get ahead of the situation before the damage starts piling up.

Stakeholder engagement is often overlooked as companies focus their efforts on resolving the issue. An organisation might handle a cyber crisis well from a technical perspective, but if it fails to manage the ‘court of public opinion,’ the impact can be just as damaging as a technical failure.

In the heat of the moment, unverified data, rumours, or misinformation can spread quickly, both internally and externally. This can make an incident seem worse than it is, sparking panic among stakeholders and causing unnecessary reputational damage. 

Finally, many companies lack the resources to handle a crisis effectively, whether through a shortage of trained personnel or inadequate technology. Unless they’ve made a proactive effort to understand their capabilities in advance, they may not realise how short-handed they are until they’re in the midst of an incident.

What Lessons Can We Learn From Previous Attacks?

Every major cyber incident carries potential lessons, so it’s important to monitor how attacks have unfolded and how peers have responded to them. 

The MOVEit breach, for instance, exploited a zero-day vulnerability in a widely used file transfer solution, compromising sensitive data across thousands of organisations. It highlighted the importance of advanced monitoring systems to detect anomalies early, potentially distinguishing between a contained incident and a full-blown crisis.

Log4j is another high-profile breach worth studying, especially as a lesson in the importance of proactive vulnerability management. The organisations that managed it best were those with robust patching processes and a proactive approach to keeping their systems up to date.

How Do Organisations Implement An Effective Cyber Crisis Framework?

It starts with preparation. Having a clear, ordered plan that outlines every step of your response is crucial, which means developing a deep understanding of your company’s unique structure, vulnerabilities, and operational priorities. 

In addition, everyone needs to know their roles and responsibilities during a crisis. Map out the key positions and ensure everyone understands their part and why they need to be ready for an incident.

Equally important, having a plan on paper is not enough - it needs to be tested regularly through simulations and drills. This is especially key for the senior decision-makers who will be expected to take charge, but it’s a valuable experience for all personnel. Ideally, you want a ‘be ready’ mindset around cyber to permeate every business level.

These exercises help teams practice their roles and expose gaps that might otherwise go unnoticed. A good crisis sim helps elevate an attack from a theoretical concept to a genuine threat. 

Accurate information gathering is another factor at the heart of a strong framework. Leaders need reliable, verified data to make informed decisions. This includes assessing the scope of the crisis and its potential impact on critical operations so resources can be allocated effectively.

Lastly, adaptability is key. Cyber crises are unpredictable, and no framework can anticipate every scenario. A good plan is flexible enough to evolve as new information emerges, ensuring the organisation can pivot effectively when necessary.

How Can An Organisation Measure If They’re Ready?

Measuring readiness for a cyber crisis is about more than just ticking boxes - it’s about ensuring your organisation can respond effectively when the time comes. 

Regular risk assessments are essential for identifying vulnerabilities and adapting your crisis framework to evolving threats. These evaluations help uncover gaps in your defences and ensure that your response plan remains relevant as your organisation grows and changes.

Frameworks and plans must likewise be living documents rather than one-and-done exercises that gather dust for years. Schedule regular check-ins to ensure they’re up to date and reflect changes in personnel and business structures.

Again, testing the plan through realistic cyber drills and exercises is a valuable way of assessing your response plan. Mimicking the pressures of a real incident can highlight how well both the plan and personnel will hold up. Tracking metrics like detection time, response time, and containment effectiveness can provide valuable insights into your readiness.

Stakeholder feedback is another helpful tool. Employees, partners, and even customers can provide perspectives on areas of improvement. Building channels for honest feedback ensures your framework evolves in meaningful ways.

Finally, after an actual or simulated incident, conduct thorough debriefs to analyse performance. Document lessons learned and update your plans accordingly. An organisation that treats every exercise and event as an opportunity to improve can establish a ‘be ready’ stance in preparation for whatever challenges come its way.

Dan Potter is Senior Director of Operational Resilience at Immersive

Image: Jacob Wackerhausen
