• Collaboration across functions is a necessity for a successful crisis
• Network weak points can be identified with sophisticated
• Underwriters should be privy to the results of internal testing.
To minimize the financial and reputational damage from a cyber attack, it is absolutely critical that businesses have a cyber incident response plan. “Sadly, not all yet do,” said David Legassick, head of life sciences, tech and cyber, CNA Hardy. In the event of a breach, a company must be able to quickly identify and contain the problem, assess the level of impact, communicate internally and externally, recover where possible any lost data or functionality needed to resume business operations and act quickly to manage potential reputational risk.
This can only be achieved with help from the right external experts and the design and practice of a well-honed internal response.
The first step a company must take, said Legassick, is to understand its cyber exposures through asset
identification, classification, risk assessment and protection measures, both technological and human.
According to Raf Sanchez, international breach response manager, Beazley, cyber-response plans should be
flexible and applicable to a wide range of incidents, “not just a list of consecutive steps.”
They also should bring together key stakeholders and specify end goals.
With bad actors becoming increasingly sophisticated and often acting in groups, attack vectors can hit
companies from multiple angles simultaneously, meaning a holistic approach is essential, agreed Jason J. Hogg,
CEO, Aon Cyber Solutions.
“Collaboration is key; you have to take silos down and work in a cross-functional manner.”
This means assembling a response team including individuals from IT, legal, operations, risk management,
HR, finance and the board, each of whom must be well drilled in their responsibilities in the event of a breach.
“You can’t pick your players on the day of the game,” said Hogg. “Response times are critical, so speed and
timing are of the essence. You should also have a very clear communication plan to keep the CEO and board of
directors informed of recommended courses of action and timing expectations.”
People on the incident response team must have sufficient technical skills and access to critical third parties
to be able to make decisions and move to contain incidents fast. Knowledge of the company’s data and network
topology is also key, said Legassick.
“Perhaps most important of all,” he added, “is to capture in detail how, when, where and why an incident occurred so there is a feedback loop that ensures each threat makes the cyber defense stronger.”

Awareness of cyber risk is increasing, but some companies may be neglecting to prepare adequate response plans that could save them millions.
By Antony Ireland and Dan Reynolds
Cyber insurance can play a key role by providing a range of experts such as forensic analysts to help manage
a cyber breach quickly and effectively (as well as PR and legal help).
However, the learning process should begin before a breach occurs.
PRACTICE MAKES PERFECT
“Any incident response plan is only as strong as the practice that goes
into it,” explained Mike Peters, vice president, IT, RIMS, who also
conducts stress testing through his firm Sentinel Cyber Defense Advisors.
Unless companies have an ethical hacker or certified information
security officer on board who can conduct sophisticated simulated attacks,
Peters recommended they hire third-party experts to test their networks
for weaknesses, remediate these issues and retest again for vulnerabilities
that haven’t been patched or have newly appeared.
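The test, remediate and retest loop Peters describes is easier to verify when the retest is read as a delta against the baseline scan rather than as a fresh list: each finding then lands in one of three buckets, fixed, still open (not patched) or newly appeared. The script below is an added example and is not code from the article or from any of the firms quoted; the Finding record, its field names, the severity ranking and the hosts and check names are assumed, constructed sample data rather than any real scanner's output format.

```python
"""Delta between a baseline vulnerability scan and its retest.

Added example (not from the article): after remediation, a retest is
most useful read against the baseline, so each finding lands in one of
three buckets: fixed, still open (not patched) or new (appeared since
the baseline). The Finding record, its field names and the sample data
are assumed/constructed, not any real scanner's output format.
"""
from dataclasses import dataclass

SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}


@dataclass(frozen=True)
class Finding:
    host: str
    port: int
    check: str      # scanner check name (hypothetical identifiers below)
    severity: str   # one of the SEVERITY_RANK keys

    def key(self):
        # A finding's identity is the same check on the same host/port.
        # Severity is left out on purpose: a rescored finding is still
        # the same open issue, not a new one.
        return (self.host, self.port, self.check)


def scan_delta(baseline, retest):
    """Classify retest findings relative to the baseline scan."""
    before = {f.key(): f for f in baseline}
    after = {f.key(): f for f in retest}

    def ordered(findings):
        return sorted(findings, key=lambda f: (f.host, f.port, f.check))

    fixed = [before[k] for k in before.keys() - after.keys()]
    # For findings present in both scans, keep the retest record so a
    # severity rescored by the tester is what gets reported.
    still_open = [after[k] for k in before.keys() & after.keys()]
    new = [after[k] for k in after.keys() - before.keys()]
    return {"fixed": ordered(fixed), "still_open": ordered(still_open), "new": ordered(new)}


def blocking_findings(delta, max_accepted="medium"):
    """Findings left open or newly appeared above the accepted severity."""
    limit = SEVERITY_RANK[max_accepted]
    return [f for f in delta["still_open"] + delta["new"]
            if SEVERITY_RANK[f.severity] > limit]


def retest_passes(delta, max_accepted="medium"):
    """True only when nothing above the accepted severity remains."""
    return not blocking_findings(delta, max_accepted)


# Constructed sample data: a baseline scan and a retest of the same network.
BASELINE = [
    Finding("10.0.1.10", 22, "weak-ssh-ciphers", "medium"),
    Finding("10.0.1.10", 443, "tls-1.0-enabled", "high"),
    Finding("10.0.1.20", 3389, "rdp-exposed-to-internet", "critical"),
    Finding("10.0.1.30", 80, "missing-security-headers", "low"),
]
RETEST = [
    Finding("10.0.1.10", 22, "weak-ssh-ciphers", "medium"),              # not patched
    Finding("10.0.1.30", 80, "missing-security-headers", "low"),          # not patched
    Finding("10.0.1.40", 8080, "default-admin-credentials", "critical"),  # newly appeared
]


if __name__ == "__main__":
    delta = scan_delta(BASELINE, RETEST)
    for bucket, findings in delta.items():
        print(f"{bucket} ({len(findings)}):")
        for f in findings:
            print(f"  {f.severity:8} {f.host}:{f.port} {f.check}")
    verdict = "PASS" if retest_passes(delta) else "FAIL"
    print(f"retest: {verdict}; blocking: {[f.check for f in blocking_findings(delta)]}")
```

Run as-is it reports two findings fixed, two still open and one new critical finding on a host the baseline never saw, so the retest fails against a policy that accepts nothing above medium. The deliberate design choice is the key: a finding is identified by host, port and check, not by severity, so a tester rescoring an old issue does not make it look like a new one, while a genuinely new host or service does show up as new.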
“You need to plan for every type of threat that’s out there,” he added.