After the Equifax data breach, many corporations are reevaluating their cyber risk posture to ensure they have invested sufficiently to align their cyber capabilities to the nature, complexities and inherent risks of their business. In a recent paper entitled “Embedding Cyber Defenses Where They Matter”, we outlined six areas where corporations need to focus to improve their cyber defenses. Yet even if your organization ranks above average in all six areas, there is a seventh that is critical – your readiness to effectively respond to a cyber
event.
A major cyber event can, if not handled correctly, result in company ending losses or the termination of one or more senior executives, including the CEO. The time to plan your response is before your Board is demanding answers on how the company is going to respond to an emerging threat
No matter how good your cyber defenses, it is nearly guaranteed that your company will be attacked and very likely eventually breached. Your readiness to respond effectively is critical, which means you need to:
- Define a team with a clear leader with sufficient authority and resources
- Create a clear plan
- Drill, drill, and drill some more
- Be prepared for attackers bent on your destruction, not just money
- Conduct post-mortems on actual attacks
