The debate about whether companies will be breached is over. It was consigned to history at the same time as industry parlance quietly shifted from ‘100% protection’ to outlining the importance of layered defenses.
Yet companies are still regularly caught unprepared. Botched breach responses that strangulate brands and puncture company value are a cyclical business occurrence, with each one now costing on average $3.9m. Once hit, no number of defensive countermeasures will soften the blow; only effective response will help. In fact, according to one estimate, forming an incident response team will save $360,000 of the cost of a breach.
So how can you help your team to respond better? Preparing for cyber crises isn’t just about writing down which steps to take in specific incidents — it’s about instilling the right mindset to respond to all incidents. Arming your people with this will protect the organization in the long term.
We set out to ask a varied set of people, many from outside cybersecurity, how companies can instill this ethos. We talked to experts in organizational psychology, communications, education and even the military, as well as a senior security leader who has been through a high-profile breach. We immersed ourselves in understanding the human element, because that is what we do.