Cyber-attacks are the scourge of modern businesses. There are now serious responsibilities for business under the General Data Protection Responsibilities (GDPR).
Since cyber-attacks can very quickly become evident and reach a lot of people, there is an instant reaction to them.
That is why the main responsibilities for any organisation involved in an attack are:
- To recover the data as quickly as possible.
- To restore the service.
- To prepare a response to regulatory authorities.
- To maintain reputational risk.
Tolerance of Companies that have been under attack is now much lower that it was, due of the effects of recent events. Companies now have 72 hours to admit to cyber-attacks under the GDPR rules and hefty fines can be levied if they do not respond.
In a survey carried out by Microsoft here is what Executives were worried about in response to a cyber-attack on their business:
- Business interruption – 75%
- Reputational damage – 59%
- Breach of customer information – 55%
- Data or software damage – 49%
- Extortion and ransomware – 41%
- Liability to third parties resulting from a breach – 35%
- Loss of intellectual property – 28%
How can you prepare to manage the situation after a cyber-attack? It takes co-operation of the IT, operational and public relations departments to:
- Establish the risks, as far as you are able, in advance of an attack and try to anticipate likely scenarios and their impact on the business.
- Establish the effects on your customers and ways to mitigate them – taking down the service is not an option, for example in banking.
- Establish a PR policy that apologises, explains the nature of the problem and reassures customers about what is being done.
These policies can be prepared in advance and it is possible to spring them into action immediately after an attack.