Handling a Crisis: Managing Your Cybersecurity Incident Response
October 22, 2024
The first few hours of a cyber incident can be the most critical. Invoking your crisis management plan and assembling your crisis management team to lead the strategic response are the key first steps.
The crisis management team consists of senior internal stakeholders with operational responsibility for managing your organisation's response to the crisis. At the same time, you need to call on your external advisers to support you on the legal, technical, incident response and crisis communications issues.
Critical Role of Crisis Communications in a Cyber Incident
Effective communication during a cyber crisis ensures you manage the narrative with both internal and external stakeholders. It's essential to demonstrate control over the situation and clearly articulate how you're responding to the incident. Take control of your own story to ensure accurate information is shared—if you don't, someone else will, risking misinformation and loss of trust.
Restoring Business Operations vs Investigating the Incident
In incident response, there can be a tension between getting the business back online and conducting a thorough investigation to uncover how attackers gained access, which systems were affected, and what data may have been compromised. Striking a balance between swift recovery and a comprehensive investigation is crucial. Rushing the process could increase your vulnerability to future cyber incidents.
Once your systems have been forensically preserved, your cybersecurity advisors should outline a detailed plan for the necessary analyses. This can include identifying the attack vector, reconstructing a timeline of events, and collaborating with regulatory bodies and legal counsel to accurately understand and document what transpired.
Demonstrate Trustworthiness in Protecting Data Privacy
From a privacy perspective, one of the first priorities is identifying the affected individuals—whether staff, customers, or third-party vendors. This is necessary for assessing the level of risk posed by the incident. Regulators expect organisations to prioritise the well-being of individuals beyond the immediate consideration of restarting business operations. This involves:
- addressing the impact on affected individuals
- understanding the specific risks they face
- implementing proactive measures to mitigate those risks.
FTI Consulting can support your cybersecurity incident response at every step.