The non-IT expert’s guide to surviving a cyberattack


Cyber-crime is one of the fastest growing industries in the world. In the last year, it is estimated that cybercrime costs business over $400 billion, including reputational damage, costs to remediate breaches and interruption to normal business operations . There is no doubt that the real figures are higher due to under reporting and it is projected to reach a staggering $2 trillion by 2019 .

The risks arising from cyber-crime are clearly top-of-mind for the C-suite and those concerns are only likely to increase as the cyber-crime industry grows increasingly sophisticated. This rising level of concern reflects awareness that cyber-crime is no longer “just an IT issue”. The mode of business interruption may be through information technology, but the impacts are organisation-wide and have the potential to destroy businesses.

The most common types of cyber-attacks fall into the categories of ransomware, data theft and malicious interruption. Whilst the technical details of these attack modes are relevant at the operational level, at the board-room it is necessary to understand the type of attack mode as it has significant bearing on your response options and the management strategy you implement.

The following scenario will call on the skills of all the executive team to address it – whether you consider yourself an IT expert or not.

This is the nightmare scenario – compromised systems, breach of privacy, harm to customers and significant reputational damage. Nonetheless, an executive team can take immediate and critical steps to minimise the extent of this breach.

  1. Establish Management Control

With a sudden-onset critical incident, employees and customers will naturally look to the business’ leaders to see who is in charge. There is often a grace period where customers and the general public will sympathise with a business as the victim of an attack. However, this grace period does not last long.

The absence of clear, strong leadership by the executive team can be taken as a sign of incompetence, rapidly turning a potentially sympathetic audience into a hostile one…Click HERE to read full article.