In part two of our series on preparing for, responding to and recovering from a cyber attack, we look at how your risk, tech and legal teams should respond in the event of a breach. Read part one to find out how to build up your organisation’s cyber resilience against threats before they occur.
The reality of cyber threats today is that while you can protect your business against the more obvious attacks or breaches, it is almost inevitable that they will still occur in some form.
In our previous article we discussed what to do to prepare for a cyber attack. There are definite ways that you can reduce the probability of a breach and limit its severity should it happen. But what can you do if, or in reality when, a major attack happens?
There will be multiple actions that need to take place immediately to investigate, contain, minimise and rectify the impact of the incident. Your response, like the preparation beforehand, will require coordinated action from all parts of the business, in particular, the risk, IT and legal functions. As with any crisis, a calm and coordinated response is key.
Here are our top recommendations:
In the final part of this series we will look at what actions the risk, IT and legal functions can take to help the organisation get back on its feet after a cyber attack as quickly, and safely, as possible.
For further information on how your business can shore up defences against cyber attacks, and how to respond if an incident occurs, check out PwC Australia’s cyber security site.
*For example: Are you under a mandatory obligation to notify regulators and impacted individuals? Do your contracts include incident-related obligations or do they expose you to termination triggers? Are you across your insurance arrangements, including your cyber insurance policy requirements?
**The OAIC provides a robust framework for this covering containment, breach assessment, eligible breach notification and information on reviewing the incident.
Also contributing to this article:
Andrew Morrison, Senior Associate, Financial Advisory – Legal, PwC Australia
James Patto, Director, Financial Advisory – Legal, PwC Australia
David Stocks, Senior Manager, Consulting – Digital Transformation, PwC Australia
Helen Teixeira, Senior Manager, Assurance – Trust & Risk, PwC Australia