VIEW 22 Breach incident chain

22. Breach incident chain

Some companies mistakenly assume that a cyber-attack is just an IT problem. In fact, almost all departments in an organisation need to be involved in the response to such an incident. The diagram to the right gives a very simplified picture of the main stages in how a cyber incident plays out.

First, bear in mind that the response may not be triggered until several months after the systems have become compromised. Times to detection can easily be this long and the notification of suspicious activity will need to be escalated several times up the bureaucratic hierarchy before a formal breach response is triggered.

22. Breach incident chain

Assemble the response team
The first steps are to inform the board and engage an external breach coach. This individual will then coordinate the response with the key stakeholders which typically are the insurer, legal counsel, IT forensics and crisis communications. These key response team members will then in turn engage with other parties to contain the breach and organise the steps towards recovery.

Insurer:
The insurance provider and the broker need to be notified at a very early stage, not least because many of the costs involved in breach response will be covered as part of the policy. Ideally the range of breach response services will already have been agreed in advance.

Legal Counsel:
A key conduit for communications with the government regulator, law enforcement and handling potential liabilities with third parties. Sound legal advice is essential given the current complexity of data protection and privacy laws. It’s a good idea to use external legal experts for this.

22. Breach incident chain

IT Forensics:
Specialist external IT consultants will be needed to help figure out the source of the breach and the extent of the damage. Once the path to recovery becomes clear, they can then coordinate with in-house IT support to rebuild systems and recover corporate data.

Corporate communications:
Cyber incidents can cause major reputational damage. Skilful handling of communications with customers, the media and internally with staff will reduce this. Call centres and hotlines will need to be set up to cope with the flood of enquiries from concerned customers.