Cyber Crisis Exercising

Currently, cyber attacks are increasingly targeting critical infrastructures and major players from all sectors, widening the operational, legal and reputational risk caused by inadequate resilience within the more aggressive and complex cyber space. This is one important reason to exercise potential failures of technical and organizational security measures trough a crisis simulation exercise.

Customers, suppliers, employees, and other stakeholders understand that crises will occasionally affect the organization. What they find hard to understand are the lack of preparation, the inadequate responses, and the confusing communications coming from the management.

What organizations can do

Organizations should increase their ability to absorb both the operational and mediatic impact triggered by critical cyber incidents trough crisis simulations with top management and crisis handling teams.

Trough table-top exercises, most of the activities with strong relevance during real crises may be reviewed and trained:

• Key Strategic Decisions taken by the management during specific crisis scenarios;

• The internal and external communication strategy;

• The legal response, notification timeline and ownership;

• The roles and actions pre-defined in Crisis Management and Business Continuity plans.

The most relevant and fruitful crises simulation exercises are those attended by the entire management team, including the key people in charge with internal and external communication, legal & compliance, fraud, finance, IT, operations, production, procurement, cybersecurity, privacy and business continuity.

How Deloitte can support

Deloitte experts review the crisis management framework and prepare personalized table-top exercises for management teams, covering the most important types of cyber risk scenarios.