Written by Guy Segal, Sygnia Vice President Cyber Security Service for APAC.
Cyberattacks have become so frequent and common that it has now become a question of “when” and not “if.”
The past few months have seen a series of major breaches from high-profile companies, highlighting the growing concern of cybersecurity in the business world.
According to the 2022 Cost of a Data Breach Report by IBM and Ponemon Institute, Australia ranks 11th in terms of total data breach costs, with an average cost of $2.92 million per breach.
This represents a 3.4% increase from the previous year and is about $1.4 million less than the global average of $4.35 million in 2022.
This demonstrates the country’s promising potential for cyber threat resilience, which should be leveraged through a comprehensive cybersecurity strategy to strengthen the country’s defences.
But while cybersecurity should be one of the most essential priorities of organisations, one other aspect must be given equal importance and consideration—how to manage the situation should an unfortunate cyberattack happen.
Below, we explore seven ways that highly successful Chief Executive Officers (CEOs) and leaders have used to effectively manage a cyber crisis and prevent it from becoming a catastrophe.
1. Contain the incident as the utmost priority.
It is difficult to gain a firm grip on a crisis if you don’t fully understand what has shaped it and where it is heading. Successful CEOs lead both their internal teams and external providers to investigate the root cause of the incident and understand what assets, data, clients, or suppliers are involved or exposed. This understanding allows for developing a containment strategy and helps limit the damage. As more information is collected and analysed, the picture becomes more precise, and there is an opportunity to reevaluate and reshape a response accordingly.
2. Take accountability and lead using transparent and constant communication.
The successful leaders I have met take accountability and lead their teams using transparent, constant communication. Accountability fosters trust and is essential not only with the company’s employees but also with other stakeholders such as the board of directors, clients, regulators, suppliers, and investors. It is crucial to determine what, when, and how to communicate with each stakeholder. A blame game at this stage will do immense damage—instead, establish a “war room” meeting where responders and stakeholders can gather to focus on what can be done to contain and resolve the crisis.
Is there a massive financial risk or reputational risk? Will there be issues with regulators or law enforcement? The goal is to minimise damage to the company’s reputation and maintain trust with stakeholders.
3. Assess and quantify business risk.
During a cyber crisis, assessing and quantifying the business risk is essential to managing the situation effectively. Do this by engaging a team of experts who can assist with the response and recovery process. These should include cybersecurity professionals with expertise in incident response, as well as legal and public relations specialists who can help navigate the complex landscape of regulations and communication.
These experts will be responsible for implementing the containment and recovery plan and will work closely with the CEO and other business leaders to ensure a coordinated and effective response. For example, they would consider the costs and risks of recovery against the costs and risks of ransom payment or identify which business units need prioritisation and immediate recovery support.
4. Understand the incident backwards and forwards.
In a crisis, managing the situation needs to be based on data and facts, which in turn depend on granular, collected knowledge. The CEO may not be as familiar with the technical details as the Chief Information Officer (CIO) or Chief Information Security Officer (CISO). Still, it is essential that they dive into the details and stay alert and aligned with ongoing updates and daily priorities. By understanding the incident and prioritising critical functions, successful CEOs can make informed decisions and keep the company functioning. It is also vital to ensure that directives are well understood and translated into actionable tasks, and that tasks are performed as planned to facilitate a timely recovery.
5. Ensure transparency and cooperation with the board of directors.
One of the key challenges during a cyber crisis is maintaining transparency and cooperation with the board of directors. At this stage, you don’t need more enemies; you need allies. Admittedly, the board may be upset with the company’s management and may even consider replacing them. However, in the cases I have seen, successful CEOs have gained tremendous trust with the board, which has lasted beyond the crisis.
It is important to remember that the board is a part of the company and shares the interest in minimising risks and costs, while the directors are personally responsible and accountable for the company’s performance and future. The CEO should ensure that the board is equipped with the data and knowledge essential for decision-making and that their decisions are based on facts and are helpful when investors, media, or regulators approach the board.
6. Leverage the crisis as an opportunity.
A cyber crisis can be a challenging experience. Still, with the right approach, it can be effectively managed and even leveraged as an opportunity to improve the company’s security and resilience. Successful CEOs have used a crisis as a catalyst to demand and implement a new standard of security within their organisations. They have worked with people, processes, and technology to assess their cyber posture and develop a roadmap for security enhancements. This involves taking the lessons learned from the attack and applying them to prevent future incidents.
In addition to enhancing security, successful CEOs have also used a crisis to improve communication and cooperation with stakeholders. By demonstrating transparency and accountability during the crisis, they have been able to build trust and credibility with the board of directors, employees, investors, and other stakeholders, consequently strengthening the company’s reputation and positioning it for future success.
7. Achieve incident response readiness.
Incident response readiness involves developing a plan that defines the crown jewels, major risk scenarios, containment pre-sets, and teams and responsibilities during a crisis. While having a plan is important, it is also necessary to reassess it according to the unique circumstances of each situation.
This plan should translate into several layers of playbooks that can be efficiently used by different tiers of users, from higher management to business and technical teams. It is also necessary to identify a cyber crisis management team trained to work together to contain the crisis and lead the organisation through a fog of war. This training can include leadership tabletop exercises and technical red team drills to ensure that the team is prepared and ready to respond effectively when a crisis occurs. It is also vital to engage external resources, such as legal assistance, incident response experts, and PR agencies, in preparing for and responding to a cyber crisis.
In conclusion, a cyber crisis can be a major disruption for any business, but with the right approach, it can be effectively managed and the impact minimised. By understanding the situation, taking accountability, engaging experts, prioritising critical functions, enhancing security, investing in a plan, and learning from the experience, CEOs are not only able to lead their teams and stakeholders through a crisis and prevent it from becoming a catastrophe, but also emerge stronger on the other side.