4 Essential Planning Considerations for Crisis Teams Facing Increased Cyber Threats

By PreparedEx and OnSolve

With the threat of cyber attacks at an all-time high, it is more important than ever for businesses to have a plan in place for crisis response. Cybersecurity agencies have issued high alerts, warning of an increase in attacks over the next few months. If your business isn't prepared, you could be at risk for data theft, financial loss and damage to your reputation. In this blog post, we will discuss four essential planning considerations that should be addressed now.

1. The Overall Crisis Plan is as Important as the Specific Cyber Playbook

Before a crisis hits, it is essential to have a plan in place. In normal times, this plan should be reviewed and updated regularly, taking into account the ever-changing landscape of cyber threats. During these unprecedented times, this plan and the other preparedness plans that help support the resilience of your organization and its stakeholders need more than just an update. They need a major review and overhaul.

While technology is a critical part of any cybersecurity response strategy, it is not the only consideration. People are often the weakest link in the security chain, not technology, so it is important as part of your plans to consistently remind employees on best practices for security and data protection.

In addition, businesses must have processes in place for detecting and responding to incidents. These processes should be tested regularly to ensure they are effective. Dust off plans and ensure team members understand their roles and responsibilities. It’s a dangerous fact, but most organizations are not keeping current with their crisis plans.

2. Know the Cyber Risks Specific to Your Organization

Now is the time to carry out a horizon-scanning risk session with cross-functional leaders.

Each organization has unique risks that must be considered when developing a cybersecurity response strategy. These risks will differ depending on the industry, the size of the company, and the type of data being protected. For example, a healthcare organization will have different risks than a retail company. It is important to understand your specific risks in order to develop an effective plan for mitigating them.

As the saying goes, an ounce of prevention is worth a pound of cure. By carrying out regular risk assessments, businesses can identify potential threats and take precautions before these threats become actual problems.

Horizon scanning is a process that helps organizations stay ahead of emerging risks by identifying and analyzing possible future threats. This should be done with input from cross-functional leaders in a holistic discussion to get the broadest perspective on potential risks.

As we are talking about cyber threats, what about physical threats that may well be related? A recent CBS report on our nation’s electrical grid vulnerability details a physical attack on the grid in 2013 when a still unknown group shot up electrical transformers in San Jose, California for twenty minutes, threatening all of Silicon Valley with a blackout.

Here's a link on Horizon Scanning.

3. Conduct Simulated Crisis Exercises Based on Your Horizon Scanning and Risk Concerns

Once you have updated your plans and identified potential risks, it is important to test your plans and response team. This crucial step is accomplished by conducting exercises on realistically simulated crises. Such exercises are the only way to fully assess and improve the efficacy of your plans and response team for maximum preparedness.

Regularly testing how you’re using your critical communications system during these exercises will help improve incident response and maintain organization-wide transparency. Critical communications around a cyber event is more than just alerting teams when something occurs – it is crucial to activating response teams, keeping stakeholders informed and maintaining SLAs, which can impact brand reputation if not done correctly or timely.

By understanding your planned response and the specific risks by conducting regular risk assessments and exercises, you can stay one step ahead of attackers, or at least be in a better place to respond when an incident does occur.

4. Update Plans Based on the Results from the Simulation Exercises

After conducting your scenario-planning exercises, it is important to update your response plans based on the results. This will help ensure that your plans and team are effective and can be deployed quickly if a crisis occurs. The more realistic the exercises are, the better prepared you will be for an actual attack.

In order to properly prepare for a cyberattack, businesses must take into account the ever-changing landscape of threats. By implementing these four essential planning considerations, you can develop a plan that will help protect your organization from harm.

Improving Your Mean Time to Resolve

The tactics we’ve covered will help prepare any organization to reduce their mean time to resolve (MTTR). And although people are the biggest weakness with cyber attacks, technology can make them more efficient and able to respond when something does occur. Removing manual processes through automated response team activation and escalation requires planning, exercises and regular updates. You can’t just “set it and forget it.”

Equally important to reducing your MTTR is transparency across the organization and key stakeholders. Testing your critical communications around cyber threat situations isn’t just about responding, it’s about making sure your cross functional are comfortable with the level of communication they receive. Ensuring  timely, accurate and regular updates are occurring when every moment counts.

Looking for more best practices and advice to be fully prepared to respond and successfully manage a crisis like a cyber attack? Join OnSolve and PreparedEx at the 7th Annual International Crisis Management Conference (ICMC), June 7 – 8, 2022. And, don’t miss Matt Bradley, VP of Global Security Solutions for OnSolve present The Power of Artificial Intelligence in Crisis Management.


OnSolve® proactively mitigates physical threats, allowing organizations to remain agile when a crisis strikes. Using trusted expertise and reliable AI-powered risk intelligence, critical communications and incident management technology, the OnSolve Platform allows organizations to detect, anticipate and mitigate physical threats that impact their people and operations.