Top 3 Actions Every Middle Market Executive Must Take on Cyber Incident Response

Over the last several weeks, I’ve been talking with a lot of middle market executives in the greater Seattle-area. These folks fit the profile of our potential customers: They’re senior managers who see themselves as responsible for cyber risk. But, rather than selling to them, I’ve been doing research to learn more about their cybersecurity needs.

Some subjects come up a lot, like cyber-insurance. And the large number of ransomware attacks. And emails trying to get someone in finance to move a ton of cash on short notice to a dark corner of our planet.

Every now and again I hear about a really meaty issue, like whether to turn on full or partial encryption for production databases. Yet some things I expect (hope?) will come up just don’t.

Like cyber incident response.

So, I’ve taken it upon myself to answer the question never asked: “Kip, what are the top 3 things I should do at my level to prepare for the big cybersecurity breach I hope will never come?”

Glad you asked!

  1. Believe it or not, early detection of a data breach saves you money. The longer it takes to discover a breach, the more it costs to deal with. (Just ask Yahoo, who’s in the middle of being acquired.) So your first step is to ask your management team: “How good are we at detecting data breaches?” If anyone answers “Great!” ask them to walk you through how they do it. Right now, very few of us are great at it. But this will give you some idea of where you are.
  2. Cybersecurity breaches are packed with a lot of potential liability issues. To reduce your risk, all types of non-routine cybersecurity events that involve people outside your organization should be discussed under attorney/client privilege. So your next step is to have a conversation with an outside attorney who specializes in cybersecurity and ask them for guidance.
  3. Unfortunately, most companies find out they’ve suffered a data breached by law enforcement, the news media, or a customer. Ouch! The only thing worse than battling a data breach is when someone else fires the starting gun! Maybe that’s why Yahoo sat on their 2014 data breach for two years before telling anyone about it. So your last step is to ask your head of public relations if they’re ready right now to manage a data breach that spins out of control before you’ve even had a chance to understand what happened.

What’s on your top 3 list?