Article

Cyber crisis management - are you up to the challenge?

Developing next generation cyber defences and specialists

With the evolving threat landscape today, organisations must worry about far more than fraud and theft. Cyber criminals are becoming more sophisticated and highly organised and they are focusing their attention to disrupting services, destroying data, and holding systems to ransom. Consequently, the risk challenges for organisations grow more complex: Regulatory fines, legal damages, loss of trust, and reputation damage are becoming part of the equation.

What does it take for organisations to tackle these challenges? It requires much more than only properly managing an incident as it happens; multiple functions and skill sets must be highly trained and coordinated to contain, manage and recover from crisis incidents. And, it also means looking ahead and securing the next generation cyber and crisis management experts.

Breaking the glass ceiling and sparking change

12 women, 3 teams, 2 days, 1 challenge: all-female teams Kassiopeia, Palladion and Qwerty at the 2019 Cyber 9/12 Strategy Challenge

Deloitte is proud to contribute to the training and development of next generation cyber specialists by co-sponsoring the fifth edition of the  European Cyber 9/12 Student Challenge, hosted by the Geneva Centre for Security Policy (GCSP) and the Atlantic Council, and three all-female student teams, each of which consists of students from the ETH Zurich, and the HSG University of St. Gallen.

Team Palladion:

Team Palladion covers a broad spectrum of skills. Anne Gisler, a Law and Economics student, can comment on legal issues while taking the business perspective into account. She’s also acquired professional skills in communication – this makes her the team’s crisis communication specialist. Lena Csomor and Sabina Fischlin study Computer Science, making them the technical cyber experts of the team. With her logical thinking abilities and creativity, Lena is perfectly equipped to solve complex problems. Sabina’s Master in Filmmaking and IT expertise will come in handy when the team needs to illustrate the team’s strategy and write policy briefs during the challenge. Phyllis Steiner is studying Comparative and International Studies with a focus on Security. She can take into account the different capabilities, policies and governance structures of NATO, the EU, and individual nations. Team Palladion distinguishes itself not only through this unique mix of skills but also through optimal preparation.

Team Qwerty:

To understand the bigger picture of cyber security and its associated challenges, you not only need a technical understanding, but also a legal, business and operational perspective. The members of team Qwerty complement each other due to different core competences. Alina Tyukhova has a Diploma of Advanced Studies in cyber security and covers the technical part in the team. Elena Peters is responsible for legal questions during the challenge, as she is studying Law and Economics at the University of St. Gallen. Additionally, she attends a course on cyber security. Anna Czajkowska and Anne-Sophie Marchal are the generalists of the team. They share a similar background, with both of them studying business administration at the University of St. Gallen. Finally, Elena, Anna and Anne-Sophie’s consulting background adds the analytical lens to the team equation. Qwerty is a young international team with motivated and curious members, who are all eager to learn more about cyber security, especially in a policy setting.

Team Kassiopeia:

We identify with Kassiopeia, the turtle from Michael Ende’s book MOMO who

  • had the right timing,
  • identified the decisive forces, 
  • gained the trust for proposed actions and thus 
  • created the most effective answer.

Of course, the name Kassiopeia alludes also to the agglomeration of stars up above the sky that inspires to observe, understand, predict and trace future events – which is our aspiration.

We came together with the objective to solve this year’s European Cyber 9/12 Strategic Challenge, as we are all ultimately interested in fighting cyber threats. But our team composition happened by chance from a pool of diverse students. This might sound like a recipe for disaster, but we think this is going to be part of our biggest strengths. We bring together 20 years of higher academic studies, 5 languages, 2 children, 8 parents, a love for challenges, the desire to learn, find answers and communicate. As we are a new group, we are free to explore and understand together our strengths, better help each other to find our abilities and are therefore not constraint by some old structure and roles that would inhibit our potentials. ​

Crisis situation scenario

It’s 25 April 2021, and in response to a major cyber incident affecting critical infrastructure and services in Europe, the Office of the High Representative of the Union for Foreign Affair and Security Policy has established an international task force to determine the best course of action to prevent a widespread crisis. You are part of this task force and are requested to analyse the intelligence reports from the point of view of cybersecurity, law, foreign policy and security theory, and to present two to four policy response alternatives before recommending what you consider to be the best course of action. Your written and oral briefs will be considered by the Union for Foreign Affairs and Security Policy at 8 o’clock tomorrow morning.

A scriptwriter’s idea for Mission Impossible 7? Not quite, although the task faced by the competitors at this year’s Cyber 9/12 Student Challenge is no less complex. Twenty two teams of students from universities in Europe and the U.S. have a two-day opportunity of experiencing what it means to deal first-hand with a mounting international cyber crisis.

Key takeaways from last year’s challenge

Teams NOBUS and ETHernet took Second and Third Place – an outstanding achievement, which the students attributed to the diversity of their teams. “In our case,״ emphasised one NOBUS team member, “diversity was really essential because each of us had a different approach to the issue. It was not necessarily easier, but it was more efficient in finding a proper solution. Cyber security is a very complex area and needs complex preparation and solutions."

Aside from making new friends, the importance of teamwork, transparent communication and staying calm under stress when addressing major problems, were confirmed as key learnings from the challenge by all participants. As one reassuringly put it: “Even though we can’t predict every crisis in advance, we know we can respond effectively."

What is your organisation's cyber security maturity level?

Our experts can help you assess where you stand today and help you develop a strategy for the future.

Did you find this useful?