by Maya Harruna
Cyber-attacks are becoming more sophisticated and brazen, and are affecting businesses of differing sizes and sectors. Despite cyber-crime rates continuing to rise, companies are still unprepared when it comes to fighting off cyber-attacks. Recent figures have found that cyber security incidents have cost UK firms £34.1bn.
Most businesses require confidential information from clients in order to provide services, with a recent government survey uncovering that three-fifths (61 percent) of UK businesses hold personal data on their customers electronically. While technology has made us more efficient, it has also increased the challenge of protecting private information from accidental or malicious actions.
Business leaders have recognised that cyber-attacks present a critical risk to their businesses, and are putting systems in place to protect the business from aggressive attacks. However, many are failing to put effective crisis management strategies in place, in case an attack does overcome the system.
Crisis management is something most businesses understand. However, these same businesses find that their crisis-management procedures fall short when a major "cyber incident" occurs. Swift, decisive action is the key to containing a cyber-attack.
Slower response times can have an extremely damaging impact on a business, resulting in a loss of public trust, concerned stakeholders, and mounting pressure from the media for answers.
Here are three top tips to survive a cyber-attack:
Step 1: Put your plan – and your team – to the test
Once you have your crisis-management strategies in place, it’s essential to test it. Testing the plan allows you to detect gaps and strengthen the plan before you actually need to put it to use. It also helps your team develop muscle memory and crisis management instincts that everybody will be very grateful to have in the event of a real crisis.
You certainly don’t want to test it in the midst of a breaking crisis!
Step 2: Mobilize the Response Team
The key to minimising the damage caused by cyber-attacks is a swift response. One of the challenges with this type of crisis is that you will have two main focuses when it comes to your crisis communications: one focus will be on relationship maintaining (in other words, trying not to lose the trust of your stakeholders), and the second will be your legally required notifications, which are case-specific.
With these two focuses in mind, you must communicate with your two different audiences using an appropriate tone of voice, whilst highlighting key message points. Also, if the cyber-attack has resulted in a major compromise of your customer data, you’ll need to inform your customers and likely prepare for media attention.
This isn’t an easy undertaking, but with the right help you can get ahead of the crisis.
Step 3: Repair Customer Relationships
Your customers will be concerned about the cyber-attack, even if their personal data is secure. In this high pressure situation, transparency is key.
Keep customers in the loop by sharing continuous updates about what you’re doing to resolve the current incident and also to prevent future attacks. Social media users are equipped to vent their anger online, so businesses must do all they can to mitigate potential brand damage.
Hackers are constantly evolving their techniques and finding new methods to circumvent security systems. With this in mind, it’s important to continue to build your cyber skills with ongoing advanced education so you’re ready for the worst case scenario.
With privacy laws constantly evolving, creating new responsibilities, and hackers becoming more sophisticated, it is essential that businesses are prepared for the growing number of cyber-attacks that can occur in a multitude of different ways.
Having the right IT structures and controls in place is the first step. But from there, it’s also important to think through and develop comprehensive crisis management strategies and protocols for managing this type of crisis – Working alongside an expert can ensure that you are protected “when” not “if” an attack happens. In the digital business landscape, no one is immune.