The Growing Reality of a Cyber-Crisis
Effectively Managing Your Response in This New Territory
Cyber crisis incidents receive considerable media attention. Do you know what to do if your company has a breach?
We have seen countless US businesses and individuals fall victim to hackers, and it seems to become more commonplace every day. So how do you respond if your company finds itself the victim of hacking or a serious data breach?
What’s the Plan?
In a 24/7 world of social media, if a cyber-crisis hits, it is essential that you have taken the time in advance to ensure you are ready to respond quickly and effectively. Like any crisis plan, the goal of your cyber security crisis plan is to provide internal and external order as the cyber incident plays out.
Your response team: The core response team should be composed of technical subject matter specialists, the CEO, non-IT management stakeholders from legal and finance, and other senior executives.
Elect a note taker: At the outset, you should appoint a go-to person involved in the process to take detailed notes on every call and in every meeting.
Establish procedures: Establish a communications protocol whereby all personnel will forward any inquiries related to a crisis to internal and external PR contacts.
Understand the impact: Understand that in crisis situations, decisions often must be made based on imprecise information.
Plan ahead. A communications plan is a key element of an effective crisis management response. It should be deployed early in the process in order to assist with coordinated fact-gathering, media statements and strategic outreach.
Establish an inclusive media list: Prepare a list of reporters and editors who write about your firm on a consistent basis and who would likely call in a crisis. Update contact information often.
Control the narrative: Use various media tools to take in information in real-time, push out information at strategic times, and gain a voice in the media space. Ensure that your content is succinct, precise, and delivered consistently across your organization.
Notify clients if needed: There is the natural instinct to notify clients as quickly as possible; however, before you reach out, make sure all information is accurate and you have done what is necessary to prevent a relapse.
Do you require cyber-specific outside counsel?
Cyber incident response requires specialized legal assistance. Identify counsel who can provide guidance about initial regulatory notifications and assess whether NYSE/Nasdaq and SEC disclosure requirements apply.
Follow Up and Follow Through
The importance of follow up in a crisis situation cannot be overstated.
You must continue to reassure those involved, as well as the media, that you are doing everything possible to deal with the issue at hand and to prevent a future cyber-crisis situation.
It is critical to be prepared. Having a written plan and an internal response team is key. If you don’t have that in place, get one now. If you have a plan, review it for relevancy in this more challenging information age.