Cyber Event Planning – Hope is not a Strategy

When you’re planning for a cyber event or an IT disaster, hope is not a strategy for mitigating risk.

For Business Continuity planners, data security has become a high-priority element of the program. Audits have pushed this to the top of the priority list for many organizations. Even with all the data breaches over the past several years, many organizations are not prepared to react to a data breach. We have seen the entire continuum – from highly prepared for a breach (with formal plans, regular exercises, and technologies in place to prevent breaches) to a strategy of hope – we hope it does not occur.

Every security expert with whom we have worked says it is not if, but when, an organization will have some type of data exposure or cyber event. The cost of these breaches has grown year over year. A 2015 study by IBM and the Ponemon Institute calculated the average cost to organizations (350 companies in the survey) to be 3.79 million dollars. This is an average of $154 per record lost or stolen. Depending on the industry the cost can vary, with the public sector at $68 and retail at $165.

Organizations must make planning for and preventing data breaches an ongoing activity. It should be noted that basic code for penetrating security can be purchased for as little as 10–15 dollars on the web. Such code is not sophisticated, but the ease of access should give everyone pause.

Your planning should include the following:

  • Does your organization have or need cyber insurance?
  • What is your response plan in the event of a cyber event?
  • What is your communication plan?
    • Media
    • Social Media
    • Internal
  • Can you afford to shut down your online presence, your online commerce, or access?
    • For how long?
    • Are there portions that can be shut down, still allowing critical or limited access?
    • Is there a decision point for shutting down access?

These should be identified in advance to allow the Crisis Management Team to make decisions quickly.

Cyber event planning is both a business and IT endeavor. As it relates to data breach or cyber event planning, hope is not a strategy.

Richard Long is one of MHA’s practice team leaders for Technology and Disaster Recovery related engagements. He has been responsible for the successful execution of MHA business continuity and disaster recovery engagements in industries such as Energy & Utilities, Government Services, Healthcare, Insurance, Risk Management, Travel & Entertainment, Consumer Products, and Education. Prior to joining MHA, Richard held Senior IT Director positions at PetSmart (NASDAQ: PETM) and Avnet, Inc. (NYSE: AVT) and has been a senior leader across all disciplines of IT. He has successfully led international and domestic disaster recovery, technology assessment, crisis management and risk mitigation engagements.
