Cyber breaches are no longer something that happens to someone else with one in five UK companies now thought to be hit by an attack.
NTT Security’s 2016 Risk:Value report revealed that to recover from a security breach would cost upwards of £1.2m on average for a UK business. This doesn’t even take into account the ‘hidden costs’ of reputational damage and brand erosion. Hoping for the best is not an option, but putting clear processes in place to prevent a cyber attack in the first place, together with a robust incident response and a crisis management plan to minimise the damage, is crucial.
There is a distinct difference between incident response and crisis management when it comes to a security breach. An incident response plan focuses on the specific processes that a company would go through in response to a breach. This is often less about technology and more about people and processes. Most organisations have the means to detect an incident, but few know how to respond it. Last year's NTT Global Threat Intelligence Report showed that nearly three-quarters (74%) of organisations do not have an incident response plan in place.
A crisis management plan should focus on the actions and processes to protect the reputation of a business, its products and services. Crisis management situations relating to security might include loss of customer data, such as credit card numbers or bank details, theft of a company’s IP (intellectual property), or if the CEO becomes the target for an attack in what is known as CEO fraud. This is a targeted attack where an attacker pretends to be the CEO and sends an email to another member of staff asking for a bank transfer, which ends up in the criminal’s bank account.
Of course, there is no perfect response to a crisis, but effective crisis communication can minimise the damage to an organisation's reputation following a security breach. If and when the time comes to put it into action, businesses must not forget the basics of prompt and direct communication – customers, shareholders, suppliers and staff need to be reassured. As with any crisis, they should be prompt, accurate and consistent in their approach and perhaps, along with appropriate action, this could help show the strength and credibility of their brand as a business, rather than allowing a cyber breach to potentially destroy it.