Solution
The only way to find out if your company’s cyber crisis response would stand up to a real event is to put it to the test in as real a scenario as possible. That’s what one large UK energy provider requested of a multi-disciplinary cyber specialist team.
The company wanted a hypothetical but realistic breach scenario to test its incident response capabilities, its management reaction, and their overall readiness for a future event. It was kept a closely guarded secret but had the support of the board. The cyber team was given access to the company’s policies and incident response plan – so they could understand how it should work in theory. They then created a hypothetical but realistic scenario and arrived one morning with a ready-made crisis to deal with.
The scenario was that a supplier to the company had had a major breach, and the energy company, including its systems, had been caught up in the fallout. With the company’s full incident response team in place – more than 20 senior folk – new facts were injected into the crisis as the morning went on. With each new development the teams – who had naturally clustered themselves into business function groups – were asked how they should respond to each new factual development. Invariably, what IT wanted to do differed from Legal, which differed from Communications, and so on.
“It soon became clear that the full team had never met in person before,” says Ian Birdsey, cyber specialist and Partner at Clyde & Co. “There was also little sign of collaboration between the teams – each function saw the crisis only from their own perspective. With no one department allowed to pull rank on the other, decisions needed to be found that benefited the whole company, not one particular business area.”
Towards the end of the scenario it became clear that there needed to be more collaboration and greater transparency, and that the team needed to move forward and work as one.
There had been quite a lot of duplication of efforts between the departments. We were able to identify material gaps where no work had yet been undertaken.
Ian Birdsey, Partner