
Crisis Management: How To Handle A Cyber Security Incident

by Paul Rose | 05 Mar 2018


When a cyber security incident happens, more often than not people in the organisation will turn to the IT department to fix it.

Without a doubt the IT department has a part to play and yes, it's typically seen as their responsibility to either conduct the initial triage or to resolve the technical issue in its entirety. However, they are by no means the only players required to handle the crisis. Organisations often overlook or completely underplay who else needs to be involved, and fail to communicate to the rest of the organisation the part they need to play.


Cyber security incidents can come in many forms: they could be triggered by something as simple as a Twitter account being hacked, or by a distributed denial of service (DDoS) attack on the ecommerce site. An incident could also be a major breach of data and financial records. Irrespective of the type, it will not be the sole responsibility of the IT department to fix; different attacks mean different responses from several key members of personnel or departments.


Organisations therefore need to look beyond incident management and consider building a crisis management capability. The strategies and procedures that an organisation adheres to prior to, during and after a cyber security crisis are critical.


Defining cyber security levels: Define the "state of readiness"; when do you trigger actions to be taken? As you move to more severe levels what does that mean and what do you do during normal operations? Have you got cyber security playbooks in place?

Identify a Crisis Management Team (CMT): Individuals who respond, coordinate and react as a team in a crisis. Typically consists of Executives, Senior Management and individual employees who have specialist knowledge, such as IT administrators or media relations representatives. They act as the core team during the crisis and direct operations.

Have a Crisis Management Plan (CMP): A CMP anticipates crises; that's its sole purpose. If you are proactive and prepared, then you will have a "fighting chance" of knowing how to react when things go wrong.

Train: Consider simulations, media relations and journalist response training with regard to how staff are expected to deal with a crisis.

Have a Crisis Communications Plan (CCP):

  • Fact gathering - what should be communicated, what response is needed?
  • Key messages - what is going to be included in all communications?
  • Assign spokespeople - Some senior personnel, as well as someone charged primarily with communications responsibilities
  • Update electronic media - Blogs, websites, Twitter, Facebook, etc.; how are these updated, how regularly and by whom?
  • Law Enforcement - Do they need to be involved? If so, what are the communication channels and what reporting needs to be adhered to?
  • Phone calls - How to handle phone calls from customers and the press, develop scripts for the staff
  • Media Relations - Spokespeople; who they are, how they communicate, and the relationships that will need to be forged
  • Approval - Who approves information prior to releasing? How is this done?
  • Media Monitoring - what and how is it monitored? Online coverage?

Elizabeth Heusler from Heusler Public Relations, says: "There are plenty of issues that never make the evening news. The idea is to have plans and strategies in place to prevent the issue in the first place.

"At my firm, Heusler Public Relations, issues management is built into every campaign.  It’s the time for paranoia and pedantry to shine – after decades in the communication arena, we know all the traps and pitfalls and we ensure those checks are integral to all our work. Furthermore, we do have a crystal ball, and years of experience can predict each turn.

"Before worrying about issues and crisis management, companies would be best advised to have practices and processes in place to stop mistakes before they happen. Having a spokesperson assigned, trained and practiced in communicating negatives is a good place to start. 

Some disasters call for a CEO and other times a line-manager or technical person will be the appropriate spokesperson. Usually your PR agency will be the first line of defense.  Deciding who or how that decision is made, will stand you in good stead – and in the face of an emergency that will all be in place."

This is by no means an exhaustive list. There are a multitude of other factors to consider, but it is designed to get you to think. These areas highlight several critical elements of any crisis management programme. With a Crisis Management Plan in place, organisations are better prepared to identify potential attack scenarios and to handle a security incident irrespective of type and scale. An effective CMP will also take into account any required legislation or regulations, ensuring your organisation remains compliant.


Before worrying about issues and crisis management, companies would be best advised to have practices and processes in place to stop mistakes before they happen. Often, it’s just an oversight, someone sending out material in a rush, not proofing material or not having a second sign-off. Letting the untrained or uninitiated loose in the public domain.

Paul Rose, CTO & Head of Consultancy, CNS Group

With over 20 years’ experience in the cyber security sector, I have been responsible for developing the security element of CNS Group’s offering. As a Security Information Assurance Architect, Design Authority and Lead Auditor, I deliver successful projects and programmes into public sector organisations, whilst maintaining security to HMG (Blue light services, NHS, Local and Central Government), PCI (PCI QSA) and ISO standards.

Prior to CNS Group, I worked as a Security Consultant, notably working with Nat West, pioneering confidential online banking processes.
My first experience of working in security was in the Royal Navy for over 10 years, where I learnt about the importance of security and encryption methods in military communications.
