This is not a drill.  Your email is under attack.

Is your organization prepared?

How will they respond?


No matter how well you prepare technically, and how thoroughly you educate and train your team on cyber resilience, at some point you’re going to experience a cyberattack.

Yet, almost two-thirds (65%) of leaders don’t feel their organizations are fully equipped or updated to address email-based cybercrime like whaling, according to Mimecast data. Now consider this: Executives in Experian’s survey estimated it takes up to a full year for brand image and reputation to rebound after a cyber crisis.

Convene a group of employees to design a cyber crisis response plan, and to build a rapid-response team to manage the crisis so the rest of your staff can focus on keeping the business running.


1. Develop a response plan.

The American Institute of Certified Public Accountants suggests working with external cyber-risk professionals to produce a plan for responding to a targeted email attack. Many insurance companies and consulting firms also offer guidance and frameworks. These resources are valuable, but resist the temptation to outsource the plan completely.

Just like your training program, your response program must be tailored to your organization’s specific needs, infrastructure and staff. Besides the CIO, CTO or CISO, enlist others to collaborate with the experts to generate a plan that’s realistic for your organization.

2. Form a response team.

A crisis response team is purpose-built. According to McKinsey, “The ideal crisis organization includes a set of small, cross-functional teams, typically covering planning and intelligence gathering, stakeholder stabilization, technical or operational resolution, recovery, investigation, and governance.” Follow this advice to develop a strong and effective group:

  • Create a diversity of skills, perspectives, and processing techniques. Your team should represent key operational departments and reflect a diversity of level and expertise. Then screen for cognitive diversity. Assembling a group of people who approach problem-solving and information processing differently allows for more robust research, discussion, and decision-making. A more heterogeneous group also enables you to capture different experiences and perspectives, which has been shown to promote better reasoning and more creative thinking. Some cyber-resilience experts suggest including outside crisis and cybersecurity professionals on the team since they have the most current information on response best practices and live outside the current constraints of the organization.
  • Focus on efficiency. While you want members from around the organization, a large team is harder to activate in a true crisis, makes it harder to maintain confidentiality, and takes more people away from critical day-to-day operations. Right-size your response team for your organization.
  • Practice teamwork. It’s likely team members won’t be working together outside the response team. Establish a clear reporting structure and decision-making authority ahead of time, and convene the group for regular updates and response drills to help them collaborate effectively in a real cyber crisis.

3. Deploy drills.

We all rolled our eyes at those fire drills in school until that one time the building really was on fire. Cybersecurity drills are crucial for executives and staff, and for your crisis response team. These cybersecurity attack rehearsals – some announced, some not – develop preparedness and identify areas that need more attention. Simulations give us a safe space to go through the motions and see how it feels when we are under attack. After each drill, do a performance analysis to understand how your plans and processes worked (or didn’t) and to see how employees reacted under realistic conditions. Use the findings to revise your procedures and provide additional support for employees who don’t perform well.

Clearly, the faster and better you respond to a cyber crisis, the faster your business recovers.

