The Importance of Incident Response and Crisis Comms

Cyber attacks are one of the most recurring and dangerous events for organisations around the globe, and as systems become increasingly connected and digital, protecting the availability and confidentiality of data is more critical than ever.


Every year billions of records are exposed online, and the common maxim today, is that when it comes to cyber attacks, it’s no longer a case of “if” but of “when” and “how often”.

Unfortunately, a staggering number of breaches are caused by factors that could have been prevented, such as inconsistent data retention policies, malicious or careless insiders, unpatched systems and many more. At the same time, external actors have a major role to pay too, as they exploit all these vulnerabilities to achieve their malicious ends.


And any breach can be catastrophic for an organisation. From direct financial losses, and legal costs, to other factors such as damage to reputation and loss of customer trust that cannot have a monetary figure assigned to them, breaches are an expensive exercise, and companies need to do everything in their power to prevent them, and if they happen, reduce their impact.

However, preventing all cyber incidents is impossible, as successful breaches against some of the worlds largest corporations with the deepest pockets and all the best security solutions in place, have shown us. But any damage to reputation is entirely dependent on the public perception of a business in crisis, and this can be controlled by having an effective incident response and crisis communication strategy in place.


In the event of a cyber incident, there might be a general panic amhttps://www.itrainsec.com/courses/crisis-communications%3A-data-breach-mitigation-strategyong stakeholders, including staff members, and the IT or security teams. Having no incident response plan in place can greatly exacerbate the situation. On the flip side, having a thorough plan in place that with clear instructions on who is responsible for what, detailing assignment of responsibilities, incident response guidelines, and suchlike will reduce panic, and help the business respond with confidence and ease.


Moreover, having a plan in place helps organisations to understand the nature of the attack, quickly, such as how it happened, what systems were affected, which data is at risk, and more. In this way, the security team can take the appropriate steps to contain and remediate the situation, lessening the impact on the company. Another bonus about having a plan in place, is that it helps the business pinpoint any weaknesses and vulnerabilities in its systems and environment, and can help improve the overall security posture.


Having a crisis communications plan in place is also critical. Any cyber breach can cause major damage to the business’s relations with its partners, customers, and investors. If the company fails to communicate on time with all the stakeholders involved, they will lose customer trust and brand reputation.


However, disclosure on its own is not enough. When the businesses discloses, it needs to be specific. It’s human nature, that when we’re not given enough information or detail, we tend to speculate, so when disclosing a security breach, be transparent, and say exactly what happened, how it might affect customers and other partners, and importantly, what you are doing about it, and how you plan to prevent further damage.


With good incident and crisis communication plans in place, disaster can be avoided, damage mitigated, and the company can survive to see another day. As with most things in life, planning is key.