Disaster response plans are well-established in most industries. These may include procedures for maintaining or restoring normal operations interrupted by extreme weather, energy blackouts and breaks in the chain of command. It is vital that companies include potential cyber breaches in their business continuity or disaster response plans.
Yet many businesses are ill-equipped to respond to this sort of crisis. According to one survey, just 44% of businesses have established plans for preventing and responding to cyber security incidents.[1] This lack of preparedness is certainly a factor in cyber-related financial losses, which topped $1 trillion globally in 2020.[2]
Criminals are learning to target specific types of businesses, sometimes through methods that require very little technical expertise. Instead, they can exploit human behavior by manipulating employees through social engineering tactics. This means decision-makers need to incentivize and train their employees to be watchful for signs of cyber crime.
But no organization should assume it can deflect every cyber crime attempt. Response plans that map out communications and recovery processes after a cyber incident are essential to restoring normal operations. As business operations become increasingly digitized and complex, criminals are developing new tactics that exploit these changes.
While each company’s response plan will be unique, here are some guiding principles for an effective plan.
Preparation is key to an effective response
Cyber incident response plans depend on an accurate visualization of the company landscape and the parts that would be most vulnerable in different situations. Businesses should also establish command structures and communication protocols, prioritize data and key systems, and formalize agreements with outside experts, such as lawyers or cyber recovery specialists. They should also determine which decision-makers should have access to the response plan, possibly including external stakeholders such as vendors, customers or banks.
Playbooks detailing the response should be provided to all stakeholders, perhaps in hard copy in case digital systems are compromised. Many cyber incidents are exacerbated when company leaders are simply unable to consult their playbooks or make contact with other decision-makers through alternate communication channels.