16 01732 759725 Sarthak Sawlani CYBERSECURITY r Good comms processes and governance Once a breach is contained, the next question is who needs to know. A good understanding of who might need to know and how they will be informed is best prepared ahead of time. Are you able easily to inform customers and suppliers, and what might that look like? How and what do you tell your staff? Do you need to put out a statement? If there is a chance you might have to, it can be beneficial to understand who would be used in case of reputational risk, whether that’s an existing PR agency, someone you have on stand-by in case of a crisis, or even whether you can utilise your investor’s agency. You can set up a boilerplate template for use if needed. Lastly, having a specialist legal/ cyber counsel in place may be helpful. More importantly, if you think it might be, it’s best to find them ahead of time. t Lessons learnt Well done, you’ve survived the first hour of a cyber breach! Now what? If you are hit with a cyber-attack, there will be great apprehension that it could happen again. Because of lessons learnt you will be in a great place to create the right feedback loop to try and ensure it doesn’t come to that. And if it does, you should now be much better prepared to handle it. Sarthak Sawlani works in the Investment Team at ECI. Before joining ECI, he spent four years at Oakley Advisory, a TMT corporate finance boutique, and two years at PwC in their TMT corporate finance team. Since joining ECI, his work has centred on the PropTech, Cyber Security and Cloud & Digital Services sub-sectors. ecipartners.com of attack is so crucial, ensuring you’re primed is important. Being proactive rather than reactive will drive this, which is why at ECI we recommend that businesses also do the following. w Roleplay and scenario planning Ultimate responsibility in the event of a cyber breach lies with the Board, but are they ready? Doing tabletop experiences can make sure they are, simulating a breach and practising the responses. It allows the plan you’ve established to be tested and ensures it feels familiar if needed. In a breach, the Board will need to make hard decisions, for example on revenue vs reputation. It is difficult to make those decisions under stress. Without practice, the likelihood of making the wrong decision is high, which can have catastrophic consequences on the business. e Technical team prep Unsurprisingly, your technical team are key early on in an attack. A few key questions you’ll want to ask them are: n Can they isolate systems to stop the breach spreading? n Are they able to monitor and restore the data? n Do they have a critical asset register in place? Knowing this will have a big impact on the actions you are able and willing to take. An understanding of personnel is key. What happens if the CTO or CISO is on holiday? Do they have a ransomware/incident response specialist on speed-dial that they can lean on for support and threat intelligence? And when do you call your insurance provider? The latter can often help triage the problem for you, working together with the internal IT team. With cyber crime forecast to increase exponentially in coming years, businesses need to adopt the mindset of ‘when and not if’ in regard to cyber-attacks. Small to medium-sized businesses are seeing more frequent, targeted and complex attacks, yet only 14% are prepared to defend themselves. Cyber experts claim that after discovery of a breach you have one critical hour in which to minimise damage. Given that damage can have an impact on reputation, revenue, fines, client relationships and even on the mental health of employees, that plan is crucial. So, what does your company need to do to be prepared for that first hour? q Incident management plan The success of the first hour will come down to the incident response/management plan you have in place. Pulling one together on the fly after an attack will be too late as you’ll immediately be on the back foot. An incident management plan should include: n Key contacts for who needs to know what and when, including escalation criteria; n A flowchart for the processes to follow dependent on type of breach, data affected etc.; n Guidance on any legal or regulatory requirements. Having this documented will be a very useful tool to turn to and will form a crucial part of your company’s business continuity plan. It will enable you to practise your incident response to ensure it is fine-tuned and ready to go should it be needed and can also underpin training. As that first hour 60 minutes to save your business Sarthak Sawlani, Investment Manager at ECI Partners, offers tips on how to survive the first hour of a cyber breach Doing tabletop experiences such as simulating a breach and practising responses will help prepare the Board. It allows the plan you’ve established to be tested so that it feels familiar if needed.