Managing the Crisis, Not Just the Break-In

Early in my career, when I was a police detective, I investigated crimes like burglary, the act of entering a building or residence without permission, typically to commit another crime, like theft. As cash, jewelry, or electronic items were targeted by the criminals, burglary was classified as a property crime rather than a violent crime.  I have often said, this classification never told the full story of the victim impact of this type of crime. After a criminal violates the safety of one's home, the victim suffers emotional and psychological damage that persists, often for years. In many cases, priceless heirlooms – items handed down through generations – were stolen and pawned for a fraction of what the victims would have paid for their return.  

That's all to say, these crimes were more complex than how they appeared in a police blotter.  Fast forward two decades, and I can draw parallels to my work as a digital forensics and incident response professional. Cyber incidents are complex events that impact many areas of an organization.  However, much like burglary, the media focuses on the break-in, or in this instance, the data breach, and does not cover the behind-the-scenes efforts by the professionals who respond to these crises.  

As a cyber incident is a organizational crisis – one that may expose the organization to liability claims, regulatory scrutiny, reputational or brand loss, and a reduction in share price – an organization must respond with a crisis management approach. While many likely do not anticipate that the legal team is quarterbacking the response, that is increasingly the case.  And the legal team needs special teams players, often vendors that are expert in such work, to facilitate the cyber incident response and concomitant public relations, corporate communications, remediation, and litigation support work. 

Breach response, mitigation, and remediation is crucial to forestalling a business disruption, but it is not the only consideration.  Organizations would be best served to approach a cyber incident as a multifaceted crisis that requires a strategy grounded in managing the crisis rather than focused on addressing only the break-in.