Dan Potter at Immersive Labs describes how leaders can be ready for a nightmare cyber-crisis
The constant threat of cyber-attack has become just another cost of doing business. More than half of all UK organisations reported experiencing at least one cyber-incident in the last 12 months, with many being attacked on a weekly basis.
While most of these incidents are manageable, organisations never know when a more serious attack may strike, potentially bringing months of disruption and huge financial costs.
Like any emergency situation, weathering a cyber-crisis calls for strong leadership. A cool head and practised hand at the top of the business can make the difference between a minor incident and a full-blown catastrophe.
Effective crisis management requires leaders to make high-stakes decisions with limited information and maintain composure under public scrutiny. By learning from past incidents and establishing a reliable checklist, business leaders can give themselves the best chance of making the right calls when a disaster looms.
Lessons from MOVEit and Log4j
“Those that fail to learn from history are doomed to repeat it.” The adage is especially accurate when it comes to cyber-security. While tactics are constantly evolving and the details of any one attack will differ, studying previous high-profile incidents can go a long way in shaping crisis playbooks.
The Log4j vulnerability, known as Log4Shell and disclosed in December 2021, is a prime example. With roughly one in three applications using an affected version of the Log4j logging library, and therefore exposed to unauthenticated remote code execution, the incident represents one of the most widespread global cyber-risks yet seen.
But despite its scope, the vulnerability was straightforward to address on an individual level: upgrade to a fixed release or, as a stop-gap, remove the vulnerable JNDI lookup component from the library. The main takeaway from Log4j is the importance of proactive vulnerability management and effective incident response. Regular patching, combined with community collaboration, helped many organisations respond swiftly and contain the impact.
Businesses with no reliable inventory of where the library was in use, or with poor patching processes, were left exposed for far longer; some were still running vulnerable versions years later.
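One concrete way to act on that lesson, given here as an added example that is not from the article or from Immersive Labs: a small Python scanner that walks a directory of JAR files, reads the Maven version stamp that log4j-core ships inside each JAR, and classifies each one against the release lines Apache published as fixed (2.17.1 for Java 8+, 2.12.4 for Java 7, 2.3.2 for Java 6). It also checks whether the JndiLookup class is still present, because the documented stop-gap was to delete that class from the JAR: such a JAR sits below the fix line but is no longer exploitable through the original JNDI path, so it is reported as "mitigated" rather than "vulnerable". The sample JARs built by demo() are constructed for this example and contain only the markers the scanner reads, not real bytecode; the directory to scan is an assumption. The scanner does not descend into JARs nested inside WAR or EAR archives, which is where many long-lived instances hid, so a production scan needs that extra step.

```python
"""Added example (not the article's code): find log4j-core JARs on disk and
rate them against the Log4Shell (CVE-2021-44228) fix lines published by
Apache: 2.17.1 (Java 8+), 2.12.4 (Java 7), 2.3.2 (Java 6)."""
import os
import re
import tempfile
import zipfile

# Paths inside log4j-core-*.jar that the scanner relies on.
LOG4J_POM = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"


def parse_version(text):
    """'2.14.1' -> (2, 14, 1, ''); '2.0-beta9' -> (2, 0, 0, 'beta9')."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?(?:-(.+))?$", text.strip())
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    major, minor, patch, pre = m.groups()
    return (int(major), int(minor), int(patch or 0), pre or "")


def fix_line_for(version):
    """Minimum safe release for the line this version belongs to."""
    minor = version[1]
    if minor == 3:
        return (2, 3, 2)      # Java 6 line
    if minor == 12:
        return (2, 12, 4)     # Java 7 line
    return (2, 17, 1)         # everything else should be on 2.17.1 or later


def classify(version, has_jndi_lookup):
    """Return 'fixed', 'vulnerable', 'mitigated', 'unknown' or 'not-affected'."""
    if version is None:
        return "unknown"
    v = parse_version(version)
    if v[0] != 2:
        return "not-affected"          # Log4j 1.x never shipped JndiLookup
    if v[:3] >= fix_line_for(v):
        return "fixed"
    # Below the fix line: exploitable unless the JNDI lookup class was
    # removed from the JAR (the documented stop-gap). Still needs upgrading.
    return "vulnerable" if has_jndi_lookup else "mitigated"


def scan_jar(path):
    """Inspect one JAR; return a finding dict, or None if it is not log4j-core."""
    try:
        with zipfile.ZipFile(path) as zf:
            names = set(zf.namelist())
            if LOG4J_POM not in names:
                return None
            props = zf.read(LOG4J_POM).decode("utf-8", "replace")
            m = re.search(r"^version=(.+)$", props, re.MULTILINE)
            version = m.group(1).strip() if m else None
            has_jndi = JNDI_CLASS in names
    except zipfile.BadZipFile:
        return None
    return {"path": path, "version": version, "jndi_lookup": has_jndi,
            "status": classify(version, has_jndi)}


def scan_directory(root):
    """Walk root and return findings for every log4j-core JAR found.
    Does not open JARs nested inside WAR/EAR archives."""
    findings = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            if name.lower().endswith(".jar"):
                result = scan_jar(os.path.join(dirpath, name))
                if result:
                    findings.append(result)
    return findings


def _write_sample_jar(path, version, include_jndi):
    """Constructed sample JAR: only the markers the scanner reads, no real bytecode."""
    with zipfile.ZipFile(path, "w") as zf:
        zf.writestr(LOG4J_POM, f"groupId=org.apache.logging.log4j\n"
                               f"artifactId=log4j-core\nversion={version}\n")
        if include_jndi:
            zf.writestr(JNDI_CLASS, b"\xca\xfe\xba\xbe")  # placeholder bytes
        zf.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")


def demo():
    """Build constructed samples in a temp dir, scan them, return {jar name: status}."""
    with tempfile.TemporaryDirectory() as tmp:
        _write_sample_jar(os.path.join(tmp, "log4j-core-2.14.1.jar"), "2.14.1", True)
        _write_sample_jar(os.path.join(tmp, "log4j-core-2.14.1-nojndi.jar"), "2.14.1", False)
        _write_sample_jar(os.path.join(tmp, "log4j-core-2.12.4.jar"), "2.12.4", True)
        _write_sample_jar(os.path.join(tmp, "log4j-core-2.17.1.jar"), "2.17.1", True)
        with zipfile.ZipFile(os.path.join(tmp, "other-lib.jar"), "w") as zf:
            zf.writestr("com/example/Foo.class", b"")     # unrelated JAR, ignored
        findings = scan_directory(tmp)
    return {os.path.basename(f["path"]): f["status"] for f in findings}


if __name__ == "__main__":
    for name, status in sorted(demo().items()):
        print(f"{status:<11} {name}")
```

Point scan_directory() at a real application root to get one finding per log4j-core JAR; anything reported as "vulnerable" or "mitigated" still belongs on the upgrade list, since the class-removal stop-gap was only ever meant to buy time.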
A contrasting lesson comes from the MOVEit breach. Beginning in late May 2023, the campaign exploited a critical weakness in MOVEit Transfer, a widely used managed file transfer product, compromising sensitive data across more than 2,600 organisations and nearly 90 million individuals.
Because the Cl0p group exploited a zero-day vulnerability in MOVEit, no patch existed when the attacks began, so routine patching alone could not have prevented the initial compromise. What remained within organisations' control was limiting what an internet-facing transfer server could reach, detecting the intrusion early, and communicating clearly once it was found. This case therefore highlights the value of strong early detection, transparent internal and external communication, and a coordinated response. Clear communication with stakeholders was essential for managing expectations and preserving trust.
Decision-making framework for cyber-crises
When a cyber-crisis strikes, leaders need more than technical knowledge – they need a structured decision-making framework to act effectively under pressure. An effective playbook guides leaders in addressing immediate threats, while also ensuring decisions support long-term organisational goals.
The first element of a practical framework is accurate information gathering. In the chaos of a crisis, conflicting information and unverified rumours can spread quickly. Senior management must find credible sources and cross-check facts to make informed decisions. Mapping the crisis’s scope and impact helps determine priorities and allocate resources efficiently, while proactive misinformation management maintains clarity.
Setting priorities is the next critical step. An effective playbook must be tailored to the organisation’s specific structure and business needs.
As such, leaders should identify essential functions in a high-stakes scenario, such as protecting data and maintaining key operations, while temporarily deprioritising less critical areas. This focus provides the greatest chance of stabilising operations and minimising the impact while an incident is contained.
Alongside this, ethical considerations are equally vital. Decisions during a crisis can affect employees, customers, and communities, so leaders should weigh up the broader implications of their actions. Upholding fairness and transparency and considering long-term reputational impacts ensures responsible decision-making that respects organisational values and stakeholder interests.
The cyber-crisis management checklist
It’s common for policies and processes to eventually get overlooked and gather dust, especially if they don’t see regular use. But this is a very risky scenario for a security crisis framework – when an emergency strikes, no company can afford to waste time flicking through an old file last opened several years ago.
Conducting regular risk assessments enables organisations to identify emerging threats and discover how their own growth and changing business structure have shifted priorities. These assessments need to be fed back into the response framework to keep it current.
Further, a comprehensive incident response plan, with clearly defined roles, responsibilities, and communication protocols, should be regularly tested through drills and simulations to ensure readiness.
Ongoing training reinforces the crisis response plan, helping teams gain confidence and familiarity with their roles in an emergency. Ideally, this should include full crisis simulations, including cyber-drills and exercises, that capture the feeling of a real incident.
It’s also important to update a framework in the aftermath of a cyber-incident. Once the immediate crisis is under control, a thorough review should be conducted to drive long-term improvement.
A debrief helps leaders analyse their response’s effectiveness, identifying successes and improvement areas. Documenting lessons learned and updating response protocols based on this analysis equips the organisation to handle future incidents more effectively. There should be a mindset of continuous improvement to maintain a strong state of crisis readiness.
A proactive approach to crisis management
As a serious cyber-attack becomes a question of when rather than if, business leaders must take a proactive, structured approach to crisis management if they hope to weather an incident successfully. Preparation, effective decision-making, and a commitment to continuous improvement allow organisations to withstand crises and emerge stronger.
Proactive crisis management, backed by regular training and practice, instils confidence, reassures stakeholders, and provides the best chance of coming through a crisis intact.
Dan Potter is Senior Director Operational Resilience at Immersive Labs
Main image courtesy of iStockPhoto.com and Olemedia
© 2024, Lyonsdown Limited. Business Reporter® is a registered trademark of Lyonsdown Ltd. VAT registration number: 830519543