IT teams that don’t have incident response cover tend not to call immediately for specialist support. They are more likely to attempt a DIY fix. The peak time for calling in the experts is a Friday afternoon – when the internal team has done its best all week, but finally admits to its superiors that it is out of its depth.

The reluctance to call in the experts stems not only from natural pride in being able to do it themselves, but also from a fear of losing control when others swoop in.

Unfortunately such delays can be calamitous, amplifying both the impact and the exposure. And when they finally accept the need for help, there is a real risk that they will call in the wrong people – not having the time to accurately select the right experts.

Organisations with cyber incident response cover are far quicker to call for help and are thereby able to limit impact and exposure. They also find that working with us is far easier than they may have expected. Our expert team focuses on rapidly identifying the problem. They then work closely with the internal team to enable them to make the neccessary changes and to examine data logs to establish the full scope of any intrusion or data loss. It is an entirey collaborative experience.

And long before any incident, our risk audits and contingency planning can help the team mitigate any risks so as to avoid cyber incidents entirely.

Your compliance team will be focused on ensuring that you meet your obligations under the GDPR (and DPA) and in doing so ensuring that you avoid the wrath of the regulator. Getting it wrong could result not only in significant potential fines, but also in the loss of the right to process data.

Your compliance team will also be familiar not only with the need for a cyber incident response plan, but also with the need to test it. The Article 29 Data Protection Working Party, set up specifically to clarify parts of the GDPR, agreed that breach prevention and response is key to any security policy. Specifically, Article 32 of the law states that technical and organizational measures need to include: “regularly testing, assessing and evaluating”. 

It things go wrong then the compliance team understands that they will be asked to explain what measures they took to ensure crisis preparedness.

Our annual scenario planning workshops help your compliance to review the threat landscape and revise both your crisis management plan and your cyber incident response plan accordingly. On top of this our annual or bi-annual immersive simulation exercises to put your entire team to the test and ensure that they are crisis ready. Such simulations are the only effective way to test your crisis preparedness and to be sure that you meet your obligations under the GDPR.

Most firms have both internal legal counsel as well as a retained firm of solicitors. When things go wrong they all understand that the first question that they will be asked is whether they sought specialist legal advice and whether they then followed this advice.

And when it comes to preparing a legal strategy and a legally defensible narrative, they will typically seek specialist opinion from a QC (Queen’s Counsel) for assurance before then reassuring the board that they have navigated all the regulatory hurdles.

Seeking specialist opinion from the right QC is an almost inevitable step and we simply provide direct access to the very best QC available.

It is the best way to achieve a legally defensible position in face of The General Data Protection Regulation (GDPR) and the Senior Managers and Certification Regime (SMCR) – both before any potential investigation and in the event of an investigation by the ICO.

Many firms have both an internal PR team and an agency one. When a crisis strikes they work together to address the situation.

Unfortunately traditional crisis management techniques don’t work with a cyber incident, and may even make things worse (here’s why).

Our reputation management team isn’t seeking to displace your PR agency – any more than a heart surgeon would seek to take on the role of family doctor. Instead we work with your internal PR team as well as your agency to provide specialist support.

Not only does our team have incredible crisis manmagement experience – from leading global troubleshooting for IBM to providing specialist support to the World Health Organisation – but we are also experts in cyber incident response. We work with your teams to help them understand the totally different approach that is required with a cyber incident.

We also have global credibility and authority in cyber security, as well as relationships with the leading journalists, analysts and influencers in this arena.

At a time when it’ll be all hands to the pumps, we provide invaluable cyber comms expertise to help your team deal with added complexity and enhanced comms workload.

Any crisis caries with it the treat of misinformation and hysteria on social media and in the press, but cyber incidents are different in nature and thus far more prone to this particular threat.

Following a cyber incident, your own credibility will be at an all time low, so the trick is to think ahead and develop relationships with leading security and privacy influencers in advance so that you can leverage their credibility when it matters most. Key opinionleaders can be used as trusted voices to counter misinformation with authority and counter hysteria with reach and credibility.

Our team includes world-leading opinion leaders for privacy, cyber security and digital ethics.