Cyber crisis management: Prepare, respond, recover services

Why does being crisis ready matter?

All organisations are facing increasingly advanced and damaging cyber attacks, the scale and complexity of which is unprecedented. The financial, operational and reputational impacts of these can be immediate and significant – or they may be opaque and almost impossible for you to quantify.

It's never been more important for business leaders to understand the nature of the threats they face and the level of risk they accept. Building and rehearsing a holistic capability to respond to a large scale cyber attack recognises that the ‘cyber’ is a challenge for the whole organisation – a sound technical capability on its own doesn’t reduce the threat and only goes so far towards mitigating the risk.

Attributes of a crisis ready organisation

  1. Existing and emerging threats and risks are proactively identified, mitigated and monitored
  2. Crisis tools and technologies are in place and understood
  3. Leadership promotes an organisational culture that empowers action and quick decision making during a crisis
  4. Leadership encourages continuous improvement of its crisis capabilities to address new risks
  5. Leaders and crisis responders are trained, rehearsed and exercised regularly
  6. In-house crisis capabilities, vulnerabilities, and gaps are understood and addressed
  7. Roles and responsibilities exist and are understood
  8. Clearly defined response priorities

Questions to ask yourself

  • Leadership
    When does a cyber attack become a cyber crisis and how do you as a leader take ownership of the situation?
  • Strategy
    Is investment from your organisation appropriately balanced between prevention, preparation, and response to cyber threats?
  • Preparation
    Have your leadership teams rehearsed their response? Do they know what to do in the event of an incident?
  • Planning
    Do your guidance procedures support technical and business responders?
  • Stakeholders
    Do you understand your stakeholder landscape and their communication requirements?
  • Technical response
    Do your in house technical teams have the right skills, capability and authority to take action during a cyber crisis?

How can we help?

Prepare

  • Crisis Framework review: assessing your organisation’s end-to-end response framework, governance, controls and procedures.
  • Cyber response plans and playbooks: Developing generic crisis management plans and scenario specific playbooks to support technical and leadership teams in the business-wide response to serious cyber incidents.
  • Cyber crisis exercises: Designing and delivering exercises ranging from low-fidelity discussion-based ‘plan walk-throughs’ to immersive, interactive multi-team dynamic simulation exercises for teams from technical to senior leadership levels.

View more

Respond

Live support to technical responders, senior management, board and executive level teams during crisis:

  • Cyber incident response expertise and investigations
  • Supporting response and recovery teams with experienced crisis managers
  • Providing additional resourcing in support of an organisation’s teams, processes and tools running effective crisis management
  • Providing specialist advice on the key considerations and decisions for response, and how to implement the organisation’s values, principles, priorities and strategies for effective and rapid recovery

View more

Understand and recover

Post Incident Review to provide an independent end-to-end evaluation of your organisation’s response to an incident. We may cover:

  • Root cause analysis
  • Action timelines
  • The scale of impact on data, systems and key business operations during the incident
  • The effectiveness of detection, escalation, investigation, containment, reporting, operational routine, coordination, information management, stakeholder management, leadership, decision making and strategies for recovery

View more

Our approach

Drawing on the expertise of our crisis team, organisations can reassure their own customers, communities and stakeholders that they’re able to manage a crisis effectively by implementing a programme of developmental rehearsal activities.

View more

Contact us

Richard Horne

Cyber Security Partner, PwC United Kingdom

Tel: +44 (0)20 721 33227

Claudia van den Heuvel

Crisis Management Specialist, PwC United Kingdom

Tel: +44 (0)207 212 1598

Follow us