Preparing For A Cyber Crisis

Serious security incidents have become increasingly common and expensive, with the average cost of a breach hitting $4.88m in 2024.

A cyber crisis can be one of the most stressful and chaotic situations a business leader can experience. An attack can seemingly come out of nowhere and cause enormous damage if not handled correctly. And unlike most business crises, there’s the added element of knowing a malicious actor is directly trying to harm your company. 

How can business leaders best prepare for a cyber crisis, and what does effective management look like when an attack occurs? 

What Are Some Of The Challenges When Dealing With A Cyber Crisis?

When a cyberattack unfolds, the problem is not just the technical threat itself - it’s the domino effect. One system going down can have a profound impact on the rest of the organisation, quickly racking up financial and reputational damage, as well as regulatory issues. So, organisations must get ahead of the situation before the damage starts piling up.

Stakeholder engagement is often overlooked as companies focus their efforts on resolving the issue. An organisation might handle a cyber crisis well from a technical perspective, but if it fails to manage the ‘court of public opinion,’ the impact can be just as damaging as a technical failure.

In the heat of the moment, unverified data, rumours, or misinformation can spread quickly, both internally and externally. This can make an incident seem worse than it is, sparking panic among stakeholders and causing unnecessary reputational damage. 

Finally, many companies lack the resources to handle a crisis effectively due to a lack of trained personnel or inadequate technology. Unless they’ve made a proactive effort to understand their capabilities in advance, they may not realise how short-handed they are until they’re in the midst of an incident.

What Lessons Can We Learn From Previous Attacks?

Every major cyber incident carries potential lessons, so it’s important to monitor how attacks have unfolded and how peers have responded to them. 

The MOVEit breach, for instance, exploited a zero-day vulnerability in a widely used file transfer solution, compromising sensitive data across thousands of organisations. It highlighted the importance of advanced monitoring systems to detect anomalies early, which can make the difference between a contained incident and a full-blown crisis.

Log4j is another high-profile breach worth studying, especially as a lesson in the importance of proactive vulnerability management. The organisations that managed it best were those with robust patching processes and a proactive approach to keeping their systems up to date.

How Do Organisations Implement An Effective Cyber Crisis Framework?

It starts with preparation. Having a clear, ordered plan that outlines every step of your response is crucial, which means developing a deep understanding of your company’s unique structure, vulnerabilities, and operational priorities. 

In addition, everyone needs to know their roles and responsibilities during a crisis. Map out the key positions and ensure everyone understands their part and why they need to be ready for an incident.

Equally important, having a plan on paper is not enough - it needs to be tested regularly through simulations and drills. This is especially key for the senior decision-makers who will be expected to take charge, but it’s a valuable experience for all personnel. Ideally, you want a ‘be ready’ mindset around cyber to permeate every business level.

These exercises help teams practice their roles and expose gaps that might otherwise go unnoticed. A good crisis sim helps elevate an attack from a theoretical concept to a genuine threat. 

Accurate information gathering is another factor at the heart of a strong framework. Leaders need reliable, verified data to make informed decisions. This includes assessing the scope of the crisis and its potential impact on critical operations so resources can be allocated effectively.

Lastly, adaptability is key. Cyber crises are unpredictable, and no framework can anticipate every scenario. A good plan is flexible enough to evolve as new information emerges, ensuring the organisation can pivot effectively when necessary.

How Can An Organisation Measure If They’re Ready?

Measuring readiness for a cyber crisis is about more than just ticking boxes - it’s about ensuring your organisation can respond effectively when the time comes. 

Regular risk assessments are essential for identifying vulnerabilities and adapting your crisis framework to evolving threats. These evaluations help uncover gaps in your defences and ensure that your response plan remains relevant as your organisation grows and changes.

Frameworks and plans must likewise be living documents rather than one-and-done exercises that gather dust for years. Schedule regular check-ins to ensure they’re up-to-date and reflect changes in personnel and business structures. 

Again, testing the plan through realistic cyber drills and exercises is a valuable way of assessing your response plan. Mimicking the pressures of a real incident can highlight how well both the plan and personnel will hold up. Tracking metrics like detection time, response time, and containment effectiveness can provide valuable insights into your readiness.

Stakeholder feedback is another helpful tool. Employees, partners, and even customers can provide perspectives on areas of improvement. Building channels for honest feedback ensures your framework evolves in meaningful ways.

Finally, after an actual or simulated incident, conduct thorough debriefs to analyse performance. Document lessons learned and update your plans accordingly. An organisation that treats every exercise and event as an opportunity to improve can establish a ‘be ready’ stance in preparation for whatever challenges come its way.

Dan Potter is Senior Director of Operational Resilience at Immersive

Image: Jacob Wackerhausen
