Cyber Crisis Characteristics
Cyber crises have many unique characteristics that mean many of the business as usual structures and decision making processes are unsuitable to developing an effective cyber response. They include:
- High degree of uncertainty: There are often no clear or quick answers to fundamental questions in a cyber attack: What has happened? Has data been compromised and, if so, what data? How long will it take to fix? How did they get in?
- Pervasive impact: A cyber attack can touch every part of an organisation: not only in operations but also key support functions such as media and digital, HR, public affairs. It can also have a long tail, only being discovered months after initiation.
- Technically complex and potentially alienating to senior executives: Many of the senior executives who will be integral to managing an organisation's strategic response may feel uncomfortable and exposed when 'talking' cyber and making related decisions.
- High level of anxiety and emotion: The fear of cyber attacks is high. Stoked by each new media report of an attack or a warning, many people are both worried and ill-informed. Stakeholders will need a high degree of reassurance in the event of a cyber attack and reputation will be on the line.
- High reputational impact: if the attack has become public, the media scrutiny is intense and the reputational impacts deep and lasting
- High legacy risk: many attacks today are being identified months after they happened and bring a unique historical factor into play
- Lack of information: conducting the necessary reviews, forensics and investigations can take days, weeks or even months before you may know just 'what' happened
Steelhenge works with organisations to plan and prepare how it would respond to a cyber crisis. More information on our Cyber Preparedness and Response Services.