Collaboration with ALL business functions

Working together:

There is a perception that in a crisis you either use the internal team or the usual external advisors or a group of specialists. The reality is that you invariably need all three.

When you consider your health, there are specific aspects that you’d expect within a company, from first aid to occupational health. However if you feel ill and need a professional diagnosis you’d go to your family doctor, but if you needed specialist support for say a heart complaint then he’d refer you to a heart surgeon. Each of these are necessary and entirely complementary.

Similarly, we work with your in-house teams as well as your retained agencies and external advisors – and we do so as and when you need us. And also, much like your heart surgeon, we are there whenever you need an occassional check-up, but we are also there when you really need us most – in times of crisis.

  • Our services are modular: choose exactly what you need from our technical, legal, reputational and social support services.
  • Our standard services are of undoubted value to all: you get real value for your membership with everything from contingency planning to immersive simulation exercises.
  • Our incident response provides elite support in a crisis: on invocation, our expert team swing into action to ensure that you are able to respond swiftly and effectively
  • Thereafter you choose what you need when and how you need it: beyond initial invocation, our experts are available on an on-demand basis.

Working with each of your business functions - collaborating without conflict:

Realistic immersive crisis simulation exercises are the best way to put your team to the test, to see how they’d perform in a crisis and how well they cooperate under pressure, and at the same time, they are also the best way to meet your obligations under the GDPR (and DPA) for “regularly testing, assessing and evaluating” your processes.

Such exercises need to span all the critical functions that will be central to any crisis management team – from the leadership team, CIO and CISO to the CMO and comms director – so the simulations that we run bring all these functions together to ensure that they are all crisis ready.

To be effective crisis preparedness requires cross-functional collaboration. The same is true on a broader basis for organisations wanting to adopt a culture of digital ethics (see white paper).

For more detail about how we work with each individual business function, see the sections below.

Crisis Preparedness and Digital Ethics are Team Sports

We support effective collaboration between business functions

IT teams that don’t have incident response cover tend not to call immediately for specialist support. They are more likely to attempt a DIY fix. The peak time for calling in the experts is a Friday afternoon – when the internal team has done its best all week, but finally admits to its superiors that it is out of its depth.

The reluctance to call in the experts stems not only from natural pride in being able to do it themselves, but also from a fear of losing control when others swoop in.

Unfortunately such delays can be calamitous, amplifying both the impact and the exposure. And when they finally accept the need for help, there is a real risk that they will call in the wrong people – not having the time to accurately select the right experts.

Organisations with cyber incident response cover are far quicker to call for help and are thereby able to limit impact and exposure. They also find that working with us is far easier than they may have expected. Our expert team focuses on rapidly identifying the problem. They then work closely with the internal team to enable them to make the neccessary changes and to examine data logs to establish the full scope of any intrusion or data loss. It is an entirey collaborative experience.

And long before any incident, our risk audits and contingency planning can help the team mitigate any risks so as to avoid cyber incidents entirely.

Your compliance team will be focused on ensuring that you meet your obligations under the GDPR (and DPA) and in doing so ensuring that you avoid the wrath of the regulator. Getting it wrong could result not only in significant potential fines, but also in the loss of the right to process data.

Your compliance team will also be familiar not only with the need for a cyber incident response plan, but also with the need to test it. The Article 29 Data Protection Working Party, set up specifically to clarify parts of the GDPR, agreed that breach prevention and response is key to any security policy. Specifically, Article 32 of the law states that technical and organizational measures need to include: “regularly testing, assessing and evaluating”. 

It things go wrong then the compliance team understands that they will be asked to explain what measures they took to ensure crisis preparedness.

Our annual scenario planning workshops help your compliance to review the threat landscape and revise both your crisis management plan and your cyber incident response plan accordingly. On top of this our annual or bi-annual immersive simulation exercises to put your entire team to the test and ensure that they are crisis ready. Such simulations are the only effective way to test your crisis preparedness and to be sure that you meet your obligations under the GDPR.

Most firms have both internal legal counsel as well as a retained firm of solicitors. When things go wrong they all understand that the first question that they will be asked is whether they sought specialist legal advice and whether they then followed this advice.

And when it comes to preparing a legal strategy and a legally defensible narrative, they will typically seek specialist opinion from a QC (Queen’s Counsel) for assurance before then reassuring the board that they have navigated all the regulatory hurdles.

Seeking specialist opinion from the right QC is an almost inevitable step and we simply provide direct access to the very best QC available.

It is the best way to achieve a legally defensible position in face of The General Data Protection Regulation (GDPR) and the Senior Managers and Certification Regime (SMCR) – both before any potential investigation and in the event of an investigation by the ICO.

Many firms have both an internal PR team and an agency one. When a crisis strikes they work together to address the situation.

Unfortunately traditional crisis management techniques don’t work with a cyber incident, and may even make things worse (here’s why).

Our reputation management team isn’t seeking to displace your PR agency – any more than a heart surgeon would seek to take on the role of family doctor. Instead we work with your internal PR team as well as your agency to provide specialist support.

Not only does our team have incredible crisis manmagement experience – from leading global troubleshooting for IBM to providing specialist support to the World Health Organisation – but we are also experts in cyber incident response. We work with your teams to help them understand the totally different approach that is required with a cyber incident.

We also have global credibility and authority in cyber security, as well as relationships with the leading journalists, analysts and influencers in this arena.

At a time when it’ll be all hands to the pumps, we provide invaluable cyber comms expertise to help your team deal with added complexity and enhanced comms workload.

Any crisis caries with it the treat of misinformation and hysteria on social media and in the press, but cyber incidents are different in nature and thus far more prone to this particular threat.

Following a cyber incident, your own credibility will be at an all time low, so the trick is to think ahead and develop relationships with leading security and privacy influencers in advance so that you can leverage their credibility when it matters most. Key opinionleaders can be used as trusted voices to counter misinformation with authority and counter hysteria with reach and credibility.

Our team includes world-leading opinion leaders for privacy, cyber security and digital ethics.

We can tailor our service packages to meet the needs of your business.

Why you need close collaboration between all three - the in-house teams, the agency teams and the cyber specialists

All the firms that have been most heavily impacted by cyber incidents had both in house and agency teams. Equifax, Marriott and all the others still took actions that made things worse. What they lacked was specialist cyber incident support.

What you really need is close collaboration between all three elements: the in-house teams, the agency teams and the cyber incident specialist – The Crisis Team.

The Crisis Team works closely with in-house and agency teams, to provide the elite capabilities and skills that neither would be able to retain. Our elite team are leaders and global thought leaders in every aspect from incident response and cyber law, to reputation management and social influence.

Don't wait until it's to late - get in touch