What should the business do in the event of a cyber incident?
Prevention is better than cure, and a robust IT infrastructure is of key importance. This is achieved through early intervention, by involving the cyber team in any major technological initiative, and by promoting a strong cyber security culture among employees. Organizations should also assume that a cyber incident can happen to them at any time. A clear strategy and dedicated response plans – based on incident scenarios – are required. Regular simulation exercises are necessary to ensure that these plans remain effective and resilient under pressure.
Typically, the Crisis Management Team (CMT) leads the cyber incident response and directs the organization during a crisis. It is the responsibility of the CMT to develop runbooks outlining detailed steps to help the organization reduce the impact and to return to business-as-usual as quickly as possible.
Although the CMT is in charge of coordinating and taking the lead during emergencies, a successful response to an incident is a joint effort across different teams within the organization. Typically, the Computer Security Incident Response Team (CSIRT), Corporate Communications and the Legal department liaise regularly with the CMT to contain the incident. They enable a proper communication strategy towards the media, clients, internal stakeholders and regulatory bodies (e.g., FINMA, FMA). For critical incidents, business continuity plans are used to understand how business lines are being affected.