Cyber security crisis management

Supporting organisations to prepare for, respond to and recover from cyber crises.

Why does being “crisis ready” matter?

Leaders need to rethink cyber resilience in the face of today’s increasingly frequent, complex and destructive cyber attacks, and the significant financial, operational and reputational risk that can result.

Eliminating the possibility of a cyber attack isn’t realistic, no matter how advanced your technical capability. Resilience to cyber attacks also means being able to withstand or absorb disruption from a cyber incident when it hits, or to respond quickly to minimise the impacts.

That’s why it’s key to take proactive steps to develop and rehearse your holistic response capability and build the resilience, skills and confidence you need to navigate today’s complex cyber risk.

Attributes of a crisis ready organisation

Existing and emerging threats and risks are proactively identified, mitigated and monitored

Critical business services have been articulated and understood, and are used to inform priorities within a crisis response

The expertise of related resilience disciplines is harnessed to enhance and strengthen the organisation’s ability to respond, recover and emerge stronger from crisis

Crisis tools and technologies are in place and understood

Leadership promotes an organisational culture that empowers action and quick decision making during a crisis

Leadership encourages continuous improvement of its crisis capabilities to address new risks

Leaders and crisis responders are trained, rehearsed and exercised regularly

In-house crisis capabilities, vulnerabilities, and gaps are understood and addressed

Roles and responsibilities exist and are understood

Strategic priorities are articulated and used to drive response

Questions to ask yourself

Leadership
Do your leaders know how to set strategy and make decisions amid uncertainty? Do your leaders understand how to build and lead resilient crisis teams?
Strategy
Do you understand the values and strategic priorities that should drive response actions?
Preparation
Have your response teams rehearsed their roles within a response to a cyber attack, including the touchpoints and communication that should exist between them?
Planning
Does your documentation empower your people to adapt to the demands of a crisis, while providing sufficient structure to act as a handrail within a context of chaos and uncertainty?
Stakeholders
Do you understand your stakeholder landscape and their communication requirements?
Technical response
Do your in-house technical teams have the right skills, capability and authority to take action during a cyber crisis? Are they able to translate technical developments into business-focused impacts to support strategic response activities?

How can we help?

Prepare
Respond
Understand and recover
Our team

Prepare

Gap analysis: assessing your organisation’s end-to-end cyber response framework, governance, controls and procedures
Enterprise resilience programme: identifying what is most critical to your organisation (critical business services), and using this to inform planning for disruption
Cyber response plans and playbooks: developing scenario-agnostic crisis management plans and scenario-specific playbooks to support technical and leadership teams in navigating the business-wide response to serious cyber crises
Cyber crisis exercises: designing and delivering exercises ranging from discussion-based ‘plan walk-throughs’ to immersive multi-team simulation exercises for teams from technical to senior leadership levels
Crisis Leadership Centre: equip, encourage and empower leaders to establish strategy, make decisions and build resilient teams during disruption, uncertainty and crisis

Respond

Live support to technical responders, senior management, board and executive level teams during crisis:

Cyber incident response expertise and investigations
Supporting response and recovery teams with experienced crisis managers to coordinate actions and maintain a common situational picture
Providing additional resourcing in support of an organisation’s existing teams, processes and tools to facilitate effective crisis management
Providing specialist advice on the key considerations and decisions for response, and how to implement the organisation’s values, principles, priorities and strategies for effective and rapid recovery

Understand and recover

Post Incident Review to provide an independent end-to-end evaluation of your organisation’s response to an incident. This may include:

Root cause analysis
Timelines of activity
The scale of impact on data, systems and key business operations during the incident
The effectiveness of detection, escalation, investigation, containment, reporting, operational routine, coordination, information management, stakeholder management, leadership, decision making and strategies for recovery

Our team

Our team has extensive experience of managing live crises and supporting strategic decision makers across both the private and public sector. We have crisis management industry specialists as well as communication experts and ex-military, police and intelligence officers.

Our people have been involved in managing a range of crises including large-scale ransomware and data breaches, pandemic, terrorist incidents, product recalls and other reputational issues.

We bring all of this experience to our services, ensuring that we deliver real insight to our clients and support them through some of the most challenging circumstances of their professional careers.