The 5 ‘Ts’ of cyber-crisis readiness for every kind of organization

(Credit: Unsplash)

This article is brought to you thanks to the collaboration of The European Sting with the World Economic Forum.

Author: Andrea Bonime-Blanc, Founder and CEO, GEC Risk Advisory & Tomer Saban, CEO, WireX Systems


• Cyber-resilience is a fundamental principle in the face of rising threats to digital security.

• Cyber-crisis preparedness is a crucial part of broader cyber-resilience, no matter how big or small your organization.

• Talent is the most important of the five “Ts” of cyber-crisis preparedness.

In a world of continuous change, challenge and chaos, it is critically important that every organization – from the smallest mom-and-pop business to medium-size nongovernmental organizations (NGO), government agencies and global multinationals – has concrete cyber-crisis readiness plans ready for deployment at any time. Not having this aspect of cyber-resilience in place before the “big” cyber event occurs can become a serious, material or even deadly financial and reputational hit to any entity and its leaders. That has become especially true in this era of multiple cyber and pandemic crises.

As seen in a recent World Economic Forum piece, there are eight essential elements of building a cyber-resilient organization, as illustrated and summarized in the diagram below:

The 8 principles of cyber-resilience
The 8 principles of cyber-resilience Image: A. Bonime-Blanc. Gloom to Boom. Routledge 2020.

In this article, we delve more deeply into the nuts and bolts of one of these elements – crisis readiness – as it applies to cyber-risk and security management. We offer five critical aspects of building effective cyber-crisis readiness, the overarching purpose of which is to build, retain and continuously improve organizational cyber-resilience.

Before we outline the five “Ts” of crisis readiness, let’s get our arms around the meaning of “organizational cyber-resilience”. Here is a definition from a 2020 Swiss Re/GEC Risk Advisory White Paper on this topic:

“Cyber-resilience is an organization’s ability to sustainably maintain, build and deliver intended business outcomes despite adverse cyber-events. Organizational practices to achieve and maintain cyber-resilience must be comprehensive and customized to the whole organization (i.e. including the supply chain). They need to include a formal and properly resourced information security program, team and governance that are effectively integrated with the organization’s risk, crisis, business continuity, and education programs.”

— Maya Bundt & Andrea Bonime-Blanc, GEC Risk Advisory

So, in addition to resources, governance and cross-integration with other programmes within an entity (like risk, business continuity and education), effective cyber-crisis preparedness is an essential part of building and maintaining cyber-resilience.

The five “Ts” of organizational cyber-crisis readiness

While the details and tactics of building organizational cyber-crisis readiness will depend on a lot of factors (size, geography, industry, maturity level, diversification, human capital, purpose, complexity, products, services, etc.), there are clear categories of actions that any entity should take that are customized to that entity and its purpose and portfolio. These are the five “T’s” of cyber-crisis readiness:

1. Talent & planning

The most essential component of cyber resilience (and cyber-crisis readiness specifically) is to have the right people preparing by sitting around the virtual or actual table, rehearsing for actual cyber crises and dealing with them when they come.

A well-formed crisis management team and plan will consist of:

  • Specified individuals, including from the highest level of the organization, and including a liaison to the board or other oversight body
  • A crisis-management team leader and a backup leader as well as alternates to the main core group members
  • Regular meetings of the team (principals and alternates) to compare notes, review, update, revise protocols and engage in scenario exercises
  • A customized crisis-management plan, no matter how simple, with details about the who, what, when, why and how of a crisis
  • A key, high-level team member with knowledge and visibility of the digital and technological footprint of the organization and its information security and business continuity systems, like a chief information security officer or similar

2. Technology & infosec governance

It is critical for an organization to have determined its overall technology and information security (infosec) governance approach – in other words there needs to be a method to the madness of how an organization determines, protects and runs interference on all things digital within its footprint.

This would include connecting the dots and having an overall philosophy determined at the highest levels of the organization (including the board and management) on how to deal with overarching data, infosec and cybersecurity governance, as well as linking crisis management to the following:

  • IT systems support
  • Human resources and travel protocols
  • Data protection and retrieval
  • Accounting and finance systems
  • Legal and regulatory issues, requirements and implications
  • Facilities management

3. Training & communication

An entity – regardless of size – must have some form of cyber-hygiene education plan in place where testing of the system and teaching of staff and third parties about the “do’s and don’ts” is critical and always ongoing.

Training and preparedness need to extend to all corners of the organization from the very top (the board should be informed and trained regularly on the entity’s cyber-resilience) to the latest recruits, and across all disciplines, functions, operations, sub-entities and far-reaching locations. Moreover, crisis-preventing cyber-hygiene training and communications should extend to the supply chain ecosystem of an entity as well, since so much of the cyber-threat matrix enters an entity’s domain through third parties.

4. Technology tools

As the people, governance, training and communications pieces of a cyber-crisis plan take shape, it is critically important that the team and the plan have the right insight into and mapping of all the necessary and desirable technology tools deployed throughout the organization – both in advance of a major cyber-crisis and for purposes of maintaining post-crisis business continuity.

When looking at security tools that should be in place, there are three key concepts to consider: visibility, simplicity and automation.

  • Visibility. As the saying goes: “You can’t protect what you can’t see.”
    It is critical that an organization be able to constantly monitor its cyber environment and quickly move from a bird’s eye view into the specific actions that have happened.
  • Simplicity. We are living in a challenging time where skilled security personnel are in very high demand and entry-level personnel need to use tools that enable them to perform at more experienced analyst levels, especially when there is a serious cyber breach.
  • Automation. It is critical to having an effective incident response plan. With the propagation of so many security tools, it is no wonder that analysts are overwhelmed with more alerts than ever before. Manual tasks and repetitive work should be effortlessly completed with an effective automation program that frees infosec personnel to focus on the real threats and on proactive threat hunting.

5. Triangulation & continuous improvement

Finally, there is a series of important system-wide practices and policies that need to be part of the cyber-crisis readiness approach of every entity that helps to triangulate (identify, mitigate and solve) problems preferably before they happen but often after the fact as well. They include:

  • A robust and agile enterprise risk-management programme that seamlessly incorporates cyber-risk issues
  • A likewise robust auditing and evaluation system – with both internal and external experts – who can deploy, read and interpret information security and related concerns, gaps and problems before they become too large
  • A deliberate and concrete continuous improvement system embedded into the entity where lessons learned from past mistakes are deeply analyzed and utilized to integrate improvements into the risk and security profile of the entity

What is the World Economic Forum doing on cybersecurity

The World Economic Forum’s Centre for Cybersecurity is leading the global response to address systemic cybersecurity challenges and improve digital trust. We are an independent and impartial global platform committed to fostering international dialogues and collaboration on cybersecurity in the public and private sectors. We bridge the gap between cybersecurity experts and decision makers at the highest levels to reinforce the importance of cybersecurity as a key strategic priority. World Economic Forum | Centre for Cybersecurity

Our community has three key priorities:

Strengthening Global Cooperation – to increase global cooperation between public and private stakeholders to foster a collective response to cybercrime and address key security challenges posed by barriers to cooperation.

Understanding Future Networks and Technology – to identify cybersecurity challenges and opportunities posed by new technologies, and accelerate forward-looking solutions.

Building Cyber Resilience – to develop and amplify scalable solutions to accelerate the adoption of best practices and increase cyber resilience.

Initiatives include building a partnership to address the global cyber enforcement gap through improving the efficiency and effectiveness of public-private collaboration in cybercrime investigations; equipping business decision makers and cybersecurity leaders with the tools necessary to govern cyber risks, protect business assets and investments from the impact of cyber-attacks; and enhancing cyber resilience across key industry sectors such as electricity, aviation and oil & gas. We also promote mission aligned initiatives championed by our partner organizations.

The Forum is also a signatory of the Paris Call for Trust and Security in Cyberspace which aims to ensure digital peace and security which encourages signatories to protect individuals and infrastructure, to protect intellectual property, to cooperate in defense, and refrain from doing harm.

For more information, please contact us.

We believe that businesses, NGOs, government agencies and other types of organizations will truly benefit from this systematic approach to building a deliberate cyber-crisis-ready approach. In this way, the worst of the downsides of a cyber attack can be mitigated and maybe even thwarted because of the coordinated and seamless approach of the internal team and their external experts, infosec governance, and the technology tools deployed to build sustainable cyber-resilience.

the sting Milestones

Featured Stings

Can we feed everyone without unleashing disaster? Read on

These campaigners want to give a quarter of the UK back to nature

How to build a more resilient and inclusive global system

Stopping antimicrobial resistance would cost just USD 2 per person a year

Constitution of the 9th legislature of the European Parliament

To solve big issues like climate change, we need to reframe our problems

Any doubt?

GSMA announces first speakers for Mobile 360 Series-Middle East and North Africa

A Sting Exclusive: “Accelerating Trade Digitalization in Times of the Pandemic”, written by the UN Under-Secretary-General and Head of ESCAP

NATO summit, Brussels, 11-12/07/2018

The United Kingdom’s decision to leave the European Union will impact young people’s future the most

Guterres welcomes conduct of Afghan elections, commends ‘all who braved security concerns to uphold their right to vote’

Can I still send mail in the time of coronavirus?

Stable growth momentum in the OECD area

A brief history of vaccines and how they changed the world

Quality Internships: Towards a Toolkit for Employers

This company is breeding millions of insects in the heart of London

7 surprising and outrageous stats about gender inequality

Welfare of transported animals: MEPs urge EU states to do a better job

Financial support for workers affected by no-deal Brexit

EP leaders call for negotiations on upgraded Transparency Register to continue

Eight years after Fukushima, nuclear power is making a comeback

Black historical figures who shook the world, from a warrior queen to a Mexican president

Parliament approves key directive regulating professional qualifications

Russia won’t let Ukraine drift westwards in one piece

Elections in Europe: No risks for the EU, leaders readying to face Trump-Brexit

More needs to be done to bridge the digital gender divide

Technology and public healthcare: the basis to fight COVID-19

Forest fires: EU continues to mobilise assistance for Greece and other countries in region

Data Protection Regulation one year on: 73% of Europeans have heard of at least one of their rights

Too Young to Feel Hopeless – Mental Health of the Youth and the Effects of COVID-19

EU will have stronger powers in trade disputes

UNICEF calls on supply chain and transport industry to take COVID-19 vaccines to the world

Nairobi summit: Women’s empowerment a ‘game changer’ for sustainable development

Syria: At least seven children killed in yet another airstrike

Budget MEPs approve €104.2 m in EU aid to Greece, Spain, France and Portugal

This woman solved one of the biggest problems facing green energy

Withdrawal Agreement: Commission sends letter of formal notice to the United Kingdom for breach of its obligations under the Protocol on Ireland and Northern Ireland

‘You can and should do more’ to include people with disabilities, wheelchair-bound Syrian advocate tells Security Council in searing speech

3 dynamics shaping the future of security on the Korean peninsula

Wednesday’s Daily Brief: Women boost work profits, saving biodiversity, UK loses Chagos Islands vote, Gaza funding, malaria-free in Argentina, Algeria

Madagascar: UN Secretary-General reaffirms support for electoral process

Chart of the day: This is how many animals we eat each year

New Zealand Prime Minister opens door to 4-day working week

Digital democracy: a Swiss view on digital trust

Libya: Heavy shelling and civilian deaths ‘blatant violation’ of international law – UN envoy

Coronavirus: Commission presents practical guidance to ensure continuous flow of goods across EU via green lanes

Further reforms in Sweden can drive growth, competitiveness and social cohesion

Plastic is a global problem. It’s also a global opportunity

‘Counter and reject’ leaders who seek to ‘exploit differences’ between us, urges Guterres at historic mosque in Cairo

Avocado: the ‘green gold’ causing environment havoc

A third of young people polled by UN, report being a victim of online bullying

As ride-hailing firms drive into the future, who is being left behind?

COVID-19 has been a setback for women. Gender-responsive policies can stem the losses

How India can become a leader in sustainable aviation fuel

‘Stealing’ food from hungry Yemenis ‘must stop immediately’, says UN agency

Why is scientific collaboration key? 4 experts explain

Women in Switzerland have gone on strike – this is why

Climate change hits the poor hardest. Mozambique’s cyclones prove it

COVID-19: Commission creates first ever rescEU stockpile of medical equipment

MEPs strengthen EU financial watchdogs

More than 90% of the world’s children are breathing toxic air

Chart of the day: These countries have seen the biggest falls in extreme poverty

Security: better access to data for border control and migration management

More Stings?

Speak your Mind Here

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: