fbpx Skip to main content

Who Belongs on Your Cyber Risk Team?

If cybersecurity is how you travel, then you’re going to need a team for this journey. Here are some of the people you will want on your team to help prevent security breaches and increase your cyber resilience.

Frontline People

These are the individual members of your workforce. They will make a good portion of the data security errors and omissions, so train them very well in prevention and how to work during a systems outage or cyber-attack.

They are also some of your best intrusion detection sensors, so train and reward them for reporting suspicious events.

First Level Supervisors

Without buy-in from frontline supervisors, your cyber risk management program is severely crippled. Supervisors breathe life into your cybersecurity program.

How is that?

Whenever a person in your company needs to know what’s truly important about their daily work, they ask their supervisor. If cybersecurity doesn’t matter to the supervisor, then it probably won’t matter to their team members.

Business Systems Owners

This is the “point-person” on your team for all major operational decision-making about the system.

Usually, only the most important line of business systems requires this kind of oversight. If you work at an insurance company this would be your claims processing system. For other organizations, it might be your e-commerce website.

When a serious cybersecurity incident prevents the system from running as it should, they need to know how your workforce members will serve customers without access to their systems or data.

Chief Information Security Officer (CISO)

This is the senior-level executive responsible for establishing and maintaining the overall vision, strategy, and program to ensure information assets and technologies are protected.

In large companies, this is a dedicated role. But it’s often missing in small or medium-sized organizations. A reasonable decision would be to make the CISO role an additional duty for someone in the executive suite, such as the CIO or general counsel.

Inside Counsel              

Your general counsel needs to understand the legal aspects of how to prevent and respond to a cyber incident. This person must also have a good relationship with your technology department so they will work effectively together when responding to a serious cybersecurity incident.

Outside Counsel

Find outside counsel that is cybersecurity-experienced. Get their advice anytime an external threat is received. Notify them before telling police.

All types of non-routine cybersecurity engagements should be performed with your outside counsel under attorney/client privilege (ACP). This includes annual risk assessments from outside parties and any serious cybersecurity investigations conducted by an outsider.

However, it’s not necessary to have routine cybersecurity work conducted under their supervision, such as quarterly vulnerability scanning. In fact, overusing ACP can weaken it where you really need it.

Federal Bureau of Investigation (FBI)

Meet your local agent in advance, not during your first major cybersecurity incident.

Try to speak with the senior-most Special Agent on the Cyber Task Force. Call the nearest Field Office and ask to be put in touch with that person. Then, take them out for coffee or lunch and ask them how to prepare to work with them before you fall into crisis mode.

Public Relations

You want a person or a firm that has expertise in handling public data breaches and major systems outages. They need to be able to give you solid answers to questions like:

  • When is it appropriate to communicate incident details to outsiders?
  • How is that done and by whom?

Digital Forensics

To maintain objectivity, your outside forensics company must be different from the companies used for any pre-breach work, like training, setting up systems security, or policy writing.

It’s tempting to let a single company provide all your outside cybersecurity expertise, but don’t give in on this one. Otherwise, you may not learn everything you need to know about how to prevent the next cybersecurity incident.


Depending on the cybersecurity incident you’re facing, you may need to put your building on lock-down. And, you might need to search the building for threats, or help your people leave during a power loss. Do your facilities personnel know what to do when you call on them?

Emergency Management

These people are experts at handling non-digital disasters.

Think hurricanes and active shooters.

Make friends with them and learn from them! If they have an emergency operations plan, consider adding an annex that covers a cyber-based disruption, such as a catastrophic systems outage.

Cyber Risk Opportunities helps middle market businesses practice reasonable cybersecurity by prioritizing and reducing your top cyber risks, including the specific requirements of PCI, HIPAA, SOC2, ISO 27001, DFARS, and more.

Get in touch today to learn more and take advantage of a free 30-minute Q&A session with one of our cyber risk experts. Call 253-332-7867, or email us at info@cyberriskopportunities.com.