How a CEO handles a cyber incident can result in an ordinary outcome, or one that repairs and rebuilds trust extraordinarily

Cyberattacks have become so frequent and common that it has now become a question of “when” and not “if”, putting a spotlight on how organizations manage their cybersecurity posture.

While cybersecurity should be one of the most essential priorities of organizations, one other aspect must be given equal importance and consideration—how to manage the situation when an cyberattack takes place. A cyber crisis can be a major disruption for any organization, but with the right approach, it can be effectively managed to minimize the impact.

Guy Segal, Vice President, Cyber Security Service (APAC), Sygnia

Here are seven ways that Chief Executive Officers and leaders have used to effectively manage a cyber crisis.

    1. Contain the incident with utmost priority
      It is difficult to gain a firm grip on a crisis if you do not fully understand what has shaped it and where it is heading. CEOs need to lead both their internal teams and external providers to investigate the root cause of the incident and understand what assets, data, clients, or suppliers are involved or exposed. This understanding allows for successful development of a containment strategy to limit the damage. As more information is collected and analyzed, the picture becomes more precise, and there is an opportunity to reevaluate and reshape a response accordingly.

    2. Take accountability, and demonstrate transparent and constant communication
      Accountability fosters trust, and it is essential not only with the firm’s employees but also with other stakeholders such as the board of directors, clients, regulators, suppliers, and investors. It is crucial to determine what, when, and how to communicate with each stakeholder. A blame game at this stage will do immense damage—instead, establish a “war room” meeting where responders and stakeholders can gather to focus on what can be done to contain and resolve the crisis.

      Is there a massive financial risk or reputational risk? Will there be issues with regulators or law enforcement? The goal is to minimize damage to the firm’s reputation and maintain trust with stakeholders.

    3. Assess and quantify business risk
      During a cyber crisis, assessing and quantifying the business risk is essential to the effectively management of the situation. Do this by engaging a team of experts that can assist with the response and recovery process. These should include cybersecurity professionals with expertise in incident response, as well as legal and public relations specialists that can help decision makers navigate the complex landscape of regulations and crisis communication.

      These experts will be responsible for implementing the containment and recovery plan and will work closely with the CEO and other business leaders to ensure a coordinated and effective response. For example, they would consider the costs and risks of recovery against the costs and risks of ransom payment or identify which business units need prioritization and immediate recovery support.

    4. Understand the incident backwards and forwards
      In a crisis, managing the situation needs to be based on data and facts, which are dependent on granular collected knowledge. The CEO may not be as familiar with the technical details as the Chief Information Officer or Chief Information Security Officer, but it is still essential that the C-level executives dive into the details and stay alert and aligned with ongoing updates and daily priorities. By understanding the incident and prioritizing critical functions, CEOs can make informed decisions and keep the company functioning. It is also vital to ensure that directives are well understood and translated into actionable tasks, and that tasks are performed as planned, to facilitate timely recovery.

    5. Ensure transparency and cooperation with the Board
      One of the key challenges during a cyber crisis is maintaining transparency and cooperation with the board of directors. At this stage, you do not need more enemies—you need allies. Admittedly, the board may be upset with the firm’s management and may even consider replacing the key people. However, in the cases we have seen, CEOs with successful crisis response performance gained tremendous trust with the board of directors, and have lasted beyond the crisis.

      It is important to remember that the board is a part of the firm and shares the interest in minimizing risks and costs, while the directors are personally responsible and accountable for the organization’s performance and future. The CEO should ensure that the board is equipped with the data and knowledge essential for decision-making; that their decisions are based on facts that are helpful when investors, media, or regulators approach the board.

    6. Leverage the crisis as an opportunity
      With the right approach to containment, a cyber crisis can even be leveraged as an opportunity to improve the firm’s security and resilience. CEOs have used a cyber crisis as a catalyst for galvanizing and implementing higher standards of security within their organizations. They have worked with people, processes, and technology to assess their cyber posture and developed a roadmap for security enhancements. This involves taking the lessons learned from the attack and applying them to prevent future incidents.

      In addition to enhancing security, CEOs with a successful mindset have used a crisis to improve communication and cooperation with stakeholders. By demonstrating transparency and accountability during the crisis, they are been able to build trust and credibility with the board of directors, employees, investors, and other stakeholders—consequently strengthening the firm’s reputation.

    7. Achieve incident response readiness
      This involves developing a plan that defines the crown jewels; major risk scenarios; containment pre-sets; and the teams and responsibilities during a crisis. While having a plan is important, it is also necessary to reassess it according to the unique circumstances of each situation.

      This plan should translate into several layers of playbooks that can be efficiently used by different tiers of users, from higher management to business and technical teams. It is also necessary to identify a cyber crisis management team trained to work together to contain the crisis and lead the organization through a fog of war. This training can include leadership tabletop exercises and technical red team drills to ensure that the team is prepared and ready to respond effectively. In preparing for and responding to a cyber crisis, it is also vital to engage external resources such as legal experts, incident response experts, and PR agencies.

By understanding the situation, taking accountability, engaging experts, prioritizing critical functions, enhancing security, investing in a plan, and learning from the experience, CEOs will be able to lead their teams and stakeholders through a crisis successfully, and also emerge stronger.