Last year saw a number of high-profile cases of businesses falling victim to cyber attacks, with financial as well as reputational implications. According to government data, 50% of all businesses have experienced some form of cyber security breach or attack in the last 12 months – and with the likelihood of this trend increasing into 2025, preparing for such an event is vital for businesses of all sizes. Yet, the reality is that even with the best prevention strategies in place, there is currently no guaranteed way of avoiding the risk altogether.
Create a robust crisis plan
The first step in preparing for what to do in the event of a cyber attack is putting together a clear plan of action. This plan should outline different potential scenarios and make clear who is responsible for leading the response across your business.
When doing this it helps to think like a hacker. In what ways might a cyber criminal try to harm your organisation? How will this impact IT, legal, finance, communications, HR, or other departments? It is likely that a successful attack will impact most divisions of the organisation in some way. They all need to be aware of the plan and understand their role. Appointing a specific individual within each department to take the lead and be capable of forming a response team in the event of a threat can help.
It is important that every person involved in the plan understands the implications of an attack and why these preparations and their involvement are necessary. Getting their buy-in from the beginning will ensure that everyone is aligned and working together when needed. You can help them to take charge in these scenarios by advising them on what they can do to minimise the impact of the attack. You should list these steps clearly in your crisis management strategy, with the owner of each action and their contact details shared across the crisis response team.
Test the plan
Everybody should be comfortable and familiar with the steps they need to take. So, once the strategy is finalised and approved, it should be rigorously tested. Much like companies run regular fire drills, the crisis management strategy should be trialled and rehearsed so that it becomes second nature in the event of a real attack.
Each person named in the strategy should also make sure they have prior approval to conduct any of the actions they might need to take. This may include legal approval, pre-authorised spend caps or written agreement from the CEO that a Chief Information Security Officer (CISO), or similar individual, can take charge if difficult decisions need taking in the event of a threat.
Clear communication is key
At the recent Probrand IT Expo, Jon Staniforth, former CISO at the Royal Mail, spoke about his experience of a ransomware attack. He described the ‘insatiable’ appetite for communications from many different parties at the time of the attack, with everyone requiring information to suit a different agenda. He explained that handling these communications was the most time-consuming element of his role in the early days of the crisis, occupying 50-70% of his focus. Jon went on to create a dedicated communications team to work with the various stakeholders across PR, corporate communications and public affairs throughout the attack, ensuring the right messaging was getting out in a timely manner, without distracting him from his own role.
Knowing what to communicate, when and to whom is vital during a crisis. Yet, in the moment, it can be easy to get this wrong and say too much – or too little. Preparing clear messaging in advance and sticking to approved statements in the event of an attack can help to minimise the impact on your business’s reputation. Working with your organisation’s communications team to align on a strategy, as well as investing in any media training to rehearse real-life scenarios can help to create a clear process if and when the time comes.
Remember the importance of wellbeing
Looking after your own wellbeing – and that of your team – can fall to the bottom of the priority list when a crisis hits, but it should be a top priority. Reflecting on his crisis, Jon explained that he was working 20-hour days in the first week of the attack, doing whatever it took to understand the scale and scope of the damage. But this can become unsustainable, as the work to repair the damage of an attack can span many weeks and months. To tackle this in the future, Jon suggested he would appoint a dedicated wellbeing officer whose sole responsibility is to care for the physical and mental wellbeing of the team handling the crisis.
It is often in the nature of IT teams to get involved and be curious about major events such as these, and many will volunteer to work through the night to get to the root of the problem. Jon explained that part of his role was sometimes to ask people not to get involved and, for the benefit of their own wellbeing, to ensure they stay within their own work streams. Segmenting teams and fixing accountability to specific people for pre-determined tasks can also help to keep the process as efficient as possible.
Handling any kind of crisis is undoubtedly fraught and difficult, but implementing a clear plan in advance and sticking to it in the moment can help to minimise the impact of an attack, not only on the business but on your own wellbeing. If you are currently preparing your IT strategy for 2025, taking some time to prepare for a crisis, and then testing your response at regular intervals, will pay off in the long run.